CVE-2025-3730

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-3730
A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects.

3.3 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
https://github.com/pytorch/pytorch/issues/150835
https://github.com/pytorch/pytorch/issues/150835#issue-2979082232
https://github.com/pytorch/pytorch/pull/150981
https://github.com/timocafe/tewart-pytorch/commit/46fc5d8e360127361211cb237d5f9eef0223e567
https://vuldb.com/?ctiid.305076
https://vuldb.com/?id.305076
https://vuldb.com/?submit.553645
https://github.com/pytorch/pytorch/issues/150835
Configurations

No configuration.

History

22 May 2025, 22:15

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad clasificada como problemática en PyTorch 2.6.0. La función torch.nn.functional.ctc_loss del archivo aten/src/ATen/native/LossCTC.cpp está afectada. La manipulación provoca una denegación de servicio. Un ataque debe abordarse localmente. Se ha hecho público el exploit y puede que sea utilizado. El parche se llama 46fc5d8e360127361211cb237d5f9eef0223e567. Se recomienda aplicar un parche para solucionar este problema.
Summary (en) A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. (en) A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects.

17 Apr 2025, 14:15

Type Values Removed Values Added
References () https://github.com/pytorch/pytorch/issues/150835 - () https://github.com/pytorch/pytorch/issues/150835 -

16 Apr 2025, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-16 21:15

Updated : 2025-05-22 22:15

NVD link : CVE-2025-3730

Mitre link : CVE-2025-3730

CVE.ORG link : CVE-2025-3730

JSON object : View

Products Affected

No product.

CWE
CWE-404

Improper Resource Shutdown or Release