CVE-2025-55552 — HIGH (CVSS 7.5) AI Security Vulnerability

CISO Take

PyTorch 2.8.0 crashes when combining rot90 and randn_like due to integer overflow — any inference or training pipeline using image rotation with random tensor generation is at risk of service disruption. No authentication required to trigger if the model is exposed via API. Downgrade to a stable prior release or apply vendor patch immediately; do not run 2.8.0 in production serving environments.

Risk Assessment

High severity (CVSS 7.5) with low exploitability barrier: network-accessible, no credentials required, no user interaction. Impact is confined to availability (DoS), with no confidentiality or integrity breach. However, for AI/ML inference APIs in production, an availability-only crash is operationally severe — computer vision pipelines, data augmentation loops, and online training jobs using rotation ops are all exposed. PyTorch's ubiquity across ML stacks amplifies blast radius significantly.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
pytorch	pip	—	No patch
99.6K OpenSSF 6.4 21.7K dependents Pushed 6d ago 8% patched ~142d to patch Full package profile →

Do you use pytorch? You're affected.

Severity & Risk

CVSS 3.1

7.5 / 10

EPSS

0.1%

chance of exploitation in 30 days

Higher than 24% of all CVEs

Source: EPSS v3 — FIRST.org

Exploitation Status

Exploit Available

Exploitation: MEDIUM

Sophistication

Trivial

Exploitation Confidence

medium

○ CISA SSVC: Public PoC

○ Public PoC indexed (trickest/cve)

Composite signal derived from CISA KEV, CISA SSVC, EPSS, trickest/cve, and Nuclei templates.

Attack Surface

AV Network

AC Low

PR None

UI None

S Unchanged

C None

I None

A High

Recommended Action

5 steps

Immediate

Downgrade to PyTorch ≤2.7.x until a patched release is available — no patch version is confirmed yet (patched field is N/A).
Workaround

Audit all code paths for concurrent use of torch.rot90 and torch.randn_like; refactor to decouple or sequence these operations.
Input validation

If rotation ops are triggered by user-controlled parameters in inference APIs, add input shape/type validation as a defense-in-depth layer.
Detection

Monitor for unexpected process crashes or OOM errors in PyTorch serving containers — set up alerting on abnormal worker restarts.
Supply chain

Pin PyTorch version in CI/CD lockfiles and block auto-upgrades to 2.8.0 via dependency management tools (pip constraints, conda lock).

CISA SSVC Assessment

Decision Track*

Exploitation poc

Automatable Yes

Technical Impact partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

DoS Supply Chain Framework Inference AML.T0010.001 - AI Software AML.T0029 - Denial of AI Service AML.T0049 - Exploit Public-Facing Application

Compliance Impact

This CVE is relevant to:

EU AI Act

Article 15 - Accuracy, robustness and cybersecurity of high-risk AI systems Article 9 - Risk management system

ISO 42001

A.6.2 - AI system risk management A.9.3 - Availability and resilience of AI systems

NIST AI RMF

GOVERN 4.2 - Organizational teams are committed to AI risk management MANAGE 2.2 - Mechanisms to sustain the value of AI systems over time

Frequently Asked Questions

What is CVE-2025-55552?

PyTorch 2.8.0 crashes when combining rot90 and randn_like due to integer overflow — any inference or training pipeline using image rotation with random tensor generation is at risk of service disruption. No authentication required to trigger if the model is exposed via API. Downgrade to a stable prior release or apply vendor patch immediately; do not run 2.8.0 in production serving environments.

Is CVE-2025-55552 actively exploited?

Proof-of-concept exploit code is publicly available for CVE-2025-55552, increasing the risk of exploitation.

How to fix CVE-2025-55552?

1. **Immediate**: Downgrade to PyTorch ≤2.7.x until a patched release is available — no patch version is confirmed yet (patched field is N/A). 2. **Workaround**: Audit all code paths for concurrent use of torch.rot90 and torch.randn_like; refactor to decouple or sequence these operations. 3. **Input validation**: If rotation ops are triggered by user-controlled parameters in inference APIs, add input shape/type validation as a defense-in-depth layer. 4. **Detection**: Monitor for unexpected process crashes or OOM errors in PyTorch serving containers — set up alerting on abnormal worker restarts. 5. **Supply chain**: Pin PyTorch version in CI/CD lockfiles and block auto-upgrades to 2.8.0 via dependency management tools (pip constraints, conda lock).

What systems are affected by CVE-2025-55552?

This vulnerability affects the following AI/ML architecture patterns: model inference serving, training pipelines, data augmentation pipelines, computer vision deployments.

What is the CVSS score for CVE-2025-55552?

CVE-2025-55552 has a CVSS v3.1 base score of 7.5 (HIGH). The EPSS exploitation probability is 0.08%.

Technical Details

NVD Description

pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.

Exploitation Scenario

An adversary targets a computer vision inference API built on PyTorch 2.8.0 — for example, a fraud detection service or medical imaging classifier. By submitting a crafted image request that causes the backend to invoke torch.rot90 followed by torch.randn_like (common in test-time augmentation or TTA ensembling), the adversary triggers an integer overflow crash, taking down the worker process. In a serverless or auto-scaling environment this could generate cascading restarts. In a Kubernetes cluster with a single replica, it results in service unavailability. No ML expertise is required — knowledge of the API's augmentation pipeline and the public GitHub issue is sufficient to reproduce.