CVE-2025-63396

An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
mitreCNA
---
---
CISA-ADPADP
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Debian logo
Debian Releases
Debian Product
Codename
pytorch
bullseye
postponed
trixie
no-dsa
bookworm
no-dsa
bullseye (security)
vulnerable
forky
vulnerable
sid
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pytorch
questing
needs-triage
plucky
needs-triage
noble
dne
jammy
needs-triage
Common Weakness Enumeration
References
http://pytorch.com
https://github.com/Daisy2ang
https://github.com/pytorch/pytorch
https://github.com/pytorch/pytorch/issues/156563