CVE-2025-63396

EUVD-2025-131935
An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA-ADPADP
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
linuxfoundationpytorch
2.5.0
linuxfoundationpytorch
2.7.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pytorch
bookworm
no-dsa
bullseye
postponed
bullseye (security)
vulnerable
forky
vulnerable
sid
vulnerable
trixie
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pytorch
jammy
needs-triage
noble
dne
plucky
ignored
questing
needs-triage
Common Weakness Enumeration
References
http://pytorch.com
https://github.com/Daisy2ang
https://github.com/pytorch/pytorch
https://github.com/pytorch/pytorch/issues/156563