CVE-2025-46153

MEDIUM

Published September 25, 2025

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d,...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
pytorch	pip	—	No patch

Do you use pytorch? You're affected.

Severity & Risk

CVSS 3.1

5.3 / 10

EPSS

N/A

KEV Status

Not in KEV

Sophistication

N/A

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.

Weaknesses (CWE)

CWE-1176

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a
3rd Party
gist.github.com/shaoyuyoung/e636f2e7a306105b7e96809e2b85c28a
3rd Party
github.com/pytorch/pytorch/compare/v2.6.0...v2.7.0
Product
github.com/pytorch/pytorch/issues/142853
Issue
github.com/pytorch/pytorch/pull/143460
Issue Patch

Timeline

Published

September 25, 2025

Last Modified

October 3, 2025

First Seen

September 25, 2025

Back to Threat Feed