CVE-2025-3730Improper Resource Shutdown or Release in Pytorch

CWE-404Improper Resource Shutdown or Release6 documents5 sources
Severity
4.8MEDIUMNVD
EPSS
0.1%
top 84.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linuxfoundation PytorchDebian PytorchMsrc Azl3 Pytorch 2.2.2-6 ON Azure Linux 3.0+3 more
Timeline
PublishedApr 16

Description

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a pa

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages6 packages

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
PyTorch Improper Resource Shutdown or Release vulnerability2025-04-16
OSV
CVE-2025-3730: A vulnerability, which was classified as problematic, was found in PyTorch 22025-04-16
GHSA
PyTorch Improper Resource Shutdown or Release vulnerability2025-04-16

📋Vendor Advisories

2
Microsoft
PyTorch LossCTC.cpp torch.nn.functional.ctc_loss denial of service2025-04-08
Debian
CVE-2025-3730: pytorch - A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0...2025