CVE-2025-46153

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-46153
PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a Third Party Advisory
https://gist.github.com/shaoyuyoung/e636f2e7a306105b7e96809e2b85c28a Third Party Advisory
https://github.com/pytorch/pytorch/compare/v2.6.0...v2.7.0 Product
https://github.com/pytorch/pytorch/issues/142853 Issue Tracking
https://github.com/pytorch/pytorch/pull/143460 Issue Tracking Patch
Configurations

Configuration 1 (hide)

cpe:2.3:a:linuxfoundation:pytorch:*:-:*:*:*:python:*:*
History

03 Oct 2025, 17:56

Type Values Removed Values Added
First Time Linuxfoundation
Linuxfoundation pytorch
CPE cpe:2.3:a:linuxfoundation:pytorch:*:-:*:*:*:python:*:*
References () https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a - () https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a - Third Party Advisory
References () https://gist.github.com/shaoyuyoung/e636f2e7a306105b7e96809e2b85c28a - () https://gist.github.com/shaoyuyoung/e636f2e7a306105b7e96809e2b85c28a - Third Party Advisory
References () https://github.com/pytorch/pytorch/compare/v2.6.0...v2.7.0 - () https://github.com/pytorch/pytorch/compare/v2.6.0...v2.7.0 - Product
References () https://github.com/pytorch/pytorch/issues/142853 - () https://github.com/pytorch/pytorch/issues/142853 - Issue Tracking
References () https://github.com/pytorch/pytorch/pull/143460 - () https://github.com/pytorch/pytorch/pull/143460 - Issue Tracking, Patch

25 Sep 2025, 19:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3
CWE CWE-1176

25 Sep 2025, 15:16

Type Values Removed Values Added
New CVE
Information

Published : 2025-09-25 15:16

Updated : 2025-10-03 17:56

NVD link : CVE-2025-46153

Mitre link : CVE-2025-46153

CVE.ORG link : CVE-2025-46153

JSON object : View

Products Affected

linuxfoundation

  • pytorch
CWE
CWE-1176

Inefficient CPU Computation