CVE-2025-63396 — Improper Locking in Pytorch

CWE-667 — Improper Locking CWE-772 — Missing Release of Resource after Effective Lifetime5 documents5 sources

Severity

3.3LOWNVD

EPSS

0.0%

top 93.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linuxfoundation Pytorch Debian Pytorch

Timeline

PublishedNov 12

Description

An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶debiandebian/pytorch

▶NVDlinuxfoundation/pytorch2.5.0, 2.7.1+1

🔴Vulnerability Details

GHSA

GHSA-3w6q-rqw9-h6qx: An issue was discovered in PyTorch v2↗2025-11-12

▶

OSV

CVE-2025-63396: An issue was discovered in PyTorch v2↗2025-11-12

▶

📋Vendor Advisories

Red Hat

pytorch: PyTorch denial of service↗2025-11-12

▶

Debian

CVE-2025-63396: pytorch - An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() ...↗2025

▶