Buffer Overflow Vulnerability in PyTorch v2.7.0 Affecting Model Compilation
CVE-2025-55558
7.5 HIGH
What is CVE-2025-55558?
A buffer overflow vulnerability has been identified in PyTorch v2.7.0. It occurs when a model that combines torch.nn.Conv2d and torch.nn.functional.hardshrink with the torch.Tensor.view and torch.mv() methods is compiled by Inductor, and it can lead to a Denial of Service (DoS) condition. Developers using this version of PyTorch should exercise caution and review their model configurations to prevent disruptions.
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
