CVE-2025-55560 is a high-severity vulnerability identified in PyTorch version 2.7.0, a widely used open-source machine learning framework. The issue arises when a PyTorch model utilizes the methods torch.Tensor.to_sparse() and torch.Tensor.to_dense() in combination and is compiled using the Inductor compiler backend. This specific sequence can lead to a Denial of Service (DoS) condition. The vulnerability is categorized under CWE-400, which relates to uncontrolled resource consumption, indicating that the flaw likely causes excessive resource usage (such as CPU or memory) leading to service disruption. The vulnerability does not require any privileges or user interaction to be exploited and can be triggered remotely (AV:N/AC:L/PR:N/UI:N). The impact is limited to availability (A:H), with no confidentiality or integrity loss. Although no known exploits are currently reported in the wild, the CVSS score of 7.5 reflects a significant risk due to the ease of exploitation and potential disruption to services relying on PyTorch models compiled with Inductor. The absence of patch links suggests that a fix may not yet be available or publicly disclosed. This vulnerability specifically affects machine learning workflows that convert tensors between sparse and dense formats during model compilation, which could be common in resource-optimized or large-scale AI deployments.

For European organizations, especially those engaged in AI research, development, and deployment, this vulnerability poses a risk of service outages in critical machine learning applications. Industries such as finance, healthcare, automotive, and telecommunications that leverage PyTorch for AI-driven analytics, diagnostics, autonomous systems, or customer services could experience disruptions. A successful DoS attack could degrade operational efficiency, delay decision-making processes, and impact customer-facing services. Given the increasing reliance on AI models in European digital infrastructure and the EU's emphasis on AI regulation and trustworthiness, such disruptions could also have regulatory and reputational consequences. Furthermore, organizations using cloud-based AI platforms or managed ML services that incorporate PyTorch 2.7.0 with Inductor compilation might face indirect exposure if their providers are affected.

Organizations should immediately audit their AI/ML environments to identify deployments using PyTorch version 2.7.0 with Inductor compilation, particularly those involving tensor conversions between sparse and dense formats. Until an official patch is released, mitigation strategies include: 1) Avoid compiling models with Inductor when using to_sparse() and to_dense() methods; 2) Refactor models to minimize or eliminate the use of these tensor conversion methods if Inductor compilation is necessary; 3) Implement resource usage monitoring and limits on ML workloads to detect and contain abnormal consumption indicative of exploitation attempts; 4) Employ network-level protections to restrict access to ML model serving endpoints; 5) Engage with PyTorch maintainers and monitor official channels for patches or updates; 6) Test updated models in isolated environments before production deployment to ensure stability. Additionally, organizations should incorporate this vulnerability into their incident response plans and conduct tabletop exercises simulating DoS scenarios in AI services.