
CVE-2025-3730: Denial of Service in PyTorch

Severity: Medium
Published: Wed Apr 16 2025 (04/16/2025, 21:00:17 UTC)
Source: CVE
Vendor/Project: n/a
Product: PyTorch

Description

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns against using unknown models, which might have malicious effects.

AI-Powered Analysis

Last updated: 07/08/2025, 04:57:58 UTC

Technical Analysis

CVE-2025-3730 is a medium-severity vulnerability identified in PyTorch version 2.6.0, specifically within the function torch.nn.functional.ctc_loss located in the source file aten/src/ATen/native/LossCTC.cpp. The vulnerability allows an attacker with local access and low privileges to cause a denial of service (DoS) condition by manipulating inputs to this function. The vulnerability does not require user interaction, elevated privileges beyond low-level local access, or network access, limiting the attack vector to local exploitation. The vulnerability was publicly disclosed on April 16, 2025, and a patch has been issued (commit 46fc5d8e360127361211cb237d5f9eef0223e567) to address the issue. Although the vulnerability's real existence has been questioned, the presence of a patch and public disclosure indicates a credible risk. The PyTorch project also warns against using unknown or untrusted models, as these could potentially introduce malicious effects, which may be related to or exacerbate this vulnerability. The CVSS 4.0 base score is 4.8, reflecting a medium severity with local attack vector, low complexity, no privileges required beyond local user, and no user interaction needed. The vulnerability impacts availability by causing denial of service but does not affect confidentiality or integrity. No known exploits are currently observed in the wild, but the public disclosure means that exploitation techniques could emerge. This vulnerability is relevant for organizations using PyTorch 2.6.0, particularly those running machine learning workloads locally where untrusted users or processes may have access to invoke the vulnerable function.

Potential Impact

For European organizations, the impact of CVE-2025-3730 is primarily related to service availability and operational continuity in environments utilizing PyTorch 2.6.0 for machine learning tasks. Organizations in sectors such as research institutions, AI development companies, and enterprises deploying AI models locally could face disruptions if an attacker exploits this vulnerability to cause denial of service. This could lead to downtime of AI services, delayed processing of machine learning workloads, and potential cascading effects on dependent systems. Since the attack requires local access, the risk is heightened in multi-user environments, shared computing resources, or cloud instances where multiple tenants or users have access. The warning about unknown models suggests a risk vector where maliciously crafted models could trigger the vulnerability, increasing the threat surface. However, the lack of remote exploitability and the medium severity score limit the overall risk to highly targeted or insider threat scenarios rather than broad external attacks. European organizations with strict data protection and operational resilience requirements should consider this vulnerability in their risk assessments, especially where AI workloads are critical to business operations or research.

Mitigation Recommendations

1. Apply the official patch identified by commit 46fc5d8e360127361211cb237d5f9eef0223e567 to upgrade PyTorch from version 2.6.0 to a fixed version as soon as possible.
2. Restrict local access to systems running PyTorch, ensuring that only trusted and authorized users can execute machine learning workloads, thereby reducing the risk of local exploitation.
3. Implement strict controls and validation on models loaded into PyTorch environments, avoiding the use of unknown or untrusted models that could trigger malicious behavior or exploit this vulnerability.
4. Monitor system logs and application behavior for signs of denial of service or abnormal crashes related to the ctc_loss function.
5. In multi-tenant or shared environments, enforce containerization or sandboxing to isolate PyTorch processes and limit the impact of potential exploitation.
6. Educate developers and data scientists about the risks of using unverified models and the importance of applying security patches promptly.
7. Incorporate vulnerability scanning and patch management processes specifically targeting AI/ML frameworks like PyTorch in the organization's cybersecurity program.
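For recommendations 1 and 7 (patching and patch-management scanning), the following is an added example, not code from the advisory or from the PyTorch project. It parses PyTorch version strings as they appear in `torch.__version__` (including CUDA local labels such as `+cu124` and nightly/dev suffixes) and reports whether an installation matches the release the advisory names as affected. The advisory names only 2.6.0 as affected and does not name the fixed release, so the check deliberately treats pre-release and nightly builds as "unknown" rather than guessing whether the patch commit is included.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# The only release the advisory (CVE-2025-3730) names as affected.
# Assumption: no other release is listed, so nothing else is flagged "affected".
AFFECTED_RELEASES = {(2, 6, 0)}

# Accepts e.g. "2.6.0", "2.6.0+cu124", "2.7.0a0+git46fc5d8", "2.6.0.dev20250101".
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?"
    r"(?P<pre>(?:a|b|rc)\d+|\.dev\d+)?"
    r"(?:\+(?P<local>[0-9A-Za-z.]+))?$"
)


@dataclass(frozen=True)
class TorchVersion:
    release: Tuple[int, int, int]   # (major, minor, patch)
    pre: Optional[str]              # "a0", "rc1", ".dev20250101" or None
    local: Optional[str]            # build label after "+", e.g. "cu124"


def parse_torch_version(version: str) -> TorchVersion:
    """Split a PyTorch version string into release tuple, pre-release tag and local label."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PyTorch version string: {version!r}")
    release = (int(m["major"]), int(m["minor"]), int(m["patch"] or 0))
    return TorchVersion(release, m["pre"], m["local"])


def assess(version: str) -> str:
    """Classify a version string as 'affected', 'not-affected' or 'unknown'.

    Pre-release and nightly builds are reported as 'unknown': the advisory does
    not say which development builds carry the patch commit, so a scanner should
    surface them for manual review instead of silently passing them.
    """
    v = parse_torch_version(version)
    if v.pre is not None:
        return "unknown"
    if v.release in AFFECTED_RELEASES:
        return "affected"
    return "not-affected"


def check_installed() -> str:
    """Assess the PyTorch build importable in the current environment, if any."""
    try:
        import torch  # type: ignore
    except ImportError:
        return "not-installed"
    return assess(torch.__version__)


if __name__ == "__main__":
    # Constructed sample inventory, as a scanner might collect from several hosts.
    inventory = {
        "ml-worker-01": "2.6.0+cu124",
        "ml-worker-02": "2.5.1+cpu",
        "research-nightly": "2.7.0a0+git46fc5d8",
    }
    for host, ver in inventory.items():
        print(f"{host:18} {ver:22} {assess(ver)}")
    print(f"{'this-host':18} {'':22} {check_installed()}")
```

The local label after `+` is ignored on purpose: a CUDA or CPU build of 2.6.0 is still 2.6.0 for the purposes of this advisory. If a fixed release is later confirmed, extend `assess` with an explicit lower bound rather than assuming every version above 2.6.0 contains the patch.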


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-04-16T13:41:20.997Z
CISA Enriched: true
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 682f9c790acd01a2492700bb

Added to database: 5/22/2025, 9:51:53 PM

Last enriched: 7/8/2025, 4:57:58 AM

Last updated: 7/27/2025, 12:30:13 PM

Views: 8
