Denial of Service Vulnerability in PyTorch by Meta
CVE-2025-55560

7.5HIGH

Key Information:

Vendor: Meta
Status: PyTorch
Vendor: CVE Published:; 25 September 2025

What is CVE-2025-55560?

A vulnerability in PyTorch version 2.7.0 can potentially lead to a Denial of Service (DoS) attack. This issue arises when models utilize the torch.Tensor.to_sparse() and torch.Tensor.to_dense() functions while being compiled by Inductor. The misuse of these tensor methods can cause significant performance degradation, resulting in service unavailability. It is crucial for developers using this version of PyTorch to be aware of this flaw and take necessary precautions to mitigate the associated risks.

References

https://github.com/pytorch/pytorch/issues/151522

https://github.com/pytorch/pytorch/pull/151897

https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 25, 2025
Vulnerability Reserved
Aug 13, 2025

JSON