CVE-2025-4287

LOW

PyTorch 2.6.0+cu124 - DoS

Title source: llm

Description

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. It is recommended to apply a patch to fix this issue.

References (7)

[Permissions Required, VDB Entry] https://vuldb.com/?id.307394

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.307394

[Permissions Required, VDB Entry] https://vuldb.com/?submit.553644

[Issue Tracking] https://github.com/pytorch/pytorch/issues/150836

[Issue Tracking] https://github.com/pytorch/pytorch/issues/150836#issue-2979097872

[Patch] https://github.com/Divigroup-RAP/PYTORCH/commit/5827d2061dcb4acd05ac5f8e65d8693a481ba0f5

View Patch ZIP pw:eip

[Issue Tracking] https://github.com/pytorch/pytorch/pull/150923

Scores

CVSS v3 3.3

EPSS 0.0008

EPSS Percentile 22.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-404

Status published

Products (1)

n/a/PyTorch 2.6.0+cu124

Published May 05, 2025

Tracked Since Feb 18, 2026