CVE-2025-55558 — HIGH (CVSS 7.5) AI Security Vulnerability

A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
pytorch	pip	—	No patch

Do you use pytorch? You're affected.

Severity & Risk

CVSS 3.1

7.5 / 10

EPSS

N/A

KEV Status

Not in KEV

Sophistication

N/A

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).

Weaknesses (CWE)

CWE-400

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
3rd Party
github.com/pytorch/pytorch/issues/151523
Issue
github.com/pytorch/pytorch/pull/151887
Issue Patch

Timeline

Published

September 25, 2025

Last Modified

October 3, 2025

First Seen

September 25, 2025