PyTorch 2.6.0 ctc_loss Local DoS Vulnerability
CVE-2025-3730 Published on April 16, 2025
PyTorch LossCTC.cpp torch.nn.functional.ctc_loss denial of service
A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update 36 days later.
Weakness Type
Improper Resource Shutdown or Release
The program does not release or incorrectly releases a resource before it is made available for re-use. When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.
Products Associated with CVE-2025-3730
Want to know whenever a new CVE is published for Linux Foundation Pytorch? stack.watch will email you.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.