CVE Catalog

CVE-2025-63396

LowCVSS 3.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile — higher than 2% of all known CVEs

Summary

In PyTorch versions 2.5 and 2.7.1, omitting profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).

Risk Assessment

An attacker can exploit this vulnerability to crash or hang applications using PyTorch, resulting in service disruption and potential loss of availability.

Recommendation

It is recommended to update PyTorch to a patched version and ensure the profiler is always properly stopped by calling profiler.stop().

Original NVD description (English source)

An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS