CVE-2025-55554 — MEDIUM (CVSS 5.3) AI Security Vulnerability

CISO Take

CVE-2025-55554 affects PyTorch 2.8.0 with an integer overflow in torch.nan_to_num when casting to long, exploitable remotely with no authentication to crash inference services. Impact is availability-only — no data exposure or code execution. If your ML serving infrastructure runs PyTorch 2.8.0, assess exposure of inference endpoints and prioritize patching when upstream releases a fix.

Risk Assessment

Medium risk with narrow exploitability window specific to PyTorch 2.8.0. CVSS 5.3 (AV:N/AC:L/PR:N/UI:N) means it can be triggered over the network without credentials, but blast radius is limited to service availability. Not in CISA KEV. No evidence of active exploitation. Risk elevates significantly for organizations exposing PyTorch inference APIs directly to untrusted networks or user-controlled inputs that flow into numerical preprocessing stages.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
pytorch	pip	—	No patch
99.6K OpenSSF 6.4 21.7K dependents Pushed 6d ago 8% patched ~142d to patch Full package profile →

Do you use pytorch? You're affected.

Severity & Risk

CVSS 3.1

5.3 / 10

EPSS

0.1%

chance of exploitation in 30 days

Higher than 18% of all CVEs

Source: EPSS v3 — FIRST.org

Exploitation Status

Exploit Available

Exploitation: MEDIUM

Sophistication

Trivial

Exploitation Confidence

medium

○ Public PoC indexed (trickest/cve)

Composite signal derived from CISA KEV, CISA SSVC, EPSS, trickest/cve, and Nuclei templates.

Attack Surface

AV Network

AC Low

PR None

UI None

S Unchanged

C None

I None

A Low

Recommended Action

6 steps

Inventory all deployments using PyTorch 2.8.0 and identify services exposing inference to external inputs.
Monitor https://github.com/pytorch/pytorch/issues/151510 for official patch release.
Workaround: add input validation to reject or clamp extreme numerical values before calling nan_to_num; avoid .long() conversion on untrusted float tensors without bounds checking.
For production serving, wrap inference calls in exception handlers to prevent process termination on overflow.
Consider pinning to a patched version as soon as one is released.
Detection: monitor inference service crash logs for unexpected termination correlated with nan_to_num stack traces.

CISA SSVC Assessment

Decision Track

Exploitation none

Automatable No

Technical Impact partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

DoS Supply Chain Framework Inference AML.T0010.001 - AI Software AML.T0029 - Denial of AI Service AML.T0049 - Exploit Public-Facing Application

Compliance Impact

This CVE is relevant to:

EU AI Act

Article 9 - Risk management system for high-risk AI

ISO 42001

6.1.2 - AI risk assessment 8.4 - AI system documentation and operational controls

NIST AI RMF

MANAGE-2.2 - Mechanisms to sustain the value of deployed AI are evaluated and applied

Frequently Asked Questions

What is CVE-2025-55554?

CVE-2025-55554 affects PyTorch 2.8.0 with an integer overflow in torch.nan_to_num when casting to long, exploitable remotely with no authentication to crash inference services. Impact is availability-only — no data exposure or code execution. If your ML serving infrastructure runs PyTorch 2.8.0, assess exposure of inference endpoints and prioritize patching when upstream releases a fix.

Is CVE-2025-55554 actively exploited?

Proof-of-concept exploit code is publicly available for CVE-2025-55554, increasing the risk of exploitation.

How to fix CVE-2025-55554?

1. Inventory all deployments using PyTorch 2.8.0 and identify services exposing inference to external inputs. 2. Monitor https://github.com/pytorch/pytorch/issues/151510 for official patch release. 3. Workaround: add input validation to reject or clamp extreme numerical values before calling nan_to_num; avoid .long() conversion on untrusted float tensors without bounds checking. 4. For production serving, wrap inference calls in exception handlers to prevent process termination on overflow. 5. Consider pinning to a patched version as soon as one is released. 6. Detection: monitor inference service crash logs for unexpected termination correlated with nan_to_num stack traces.

What systems are affected by CVE-2025-55554?

This vulnerability affects the following AI/ML architecture patterns: model serving, training pipelines, inference APIs, data preprocessing pipelines.

What is the CVSS score for CVE-2025-55554?

CVE-2025-55554 has a CVSS v3.1 base score of 5.3 (MEDIUM). The EPSS exploitation probability is 0.06%.

Technical Details

NVD Description

pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().

Exploitation Scenario

An adversary targets a publicly accessible ML inference API (e.g., a feature scoring or anomaly detection service) built on PyTorch 2.8.0. They craft a payload containing extreme floating-point values (NaN, +Inf, or values near INT64_MAX) in the input tensor. When the service preprocesses the input using torch.nan_to_num(...).long(), the integer overflow triggers, crashing the inference worker. In a Kubernetes or containerized deployment, the crashed pod restarts automatically, but repeated requests create a sustained DoS — effectively making the AI service unavailable without needing any authentication or special privileges. This is particularly damaging in real-time scoring pipelines (fraud detection, content moderation) where availability is SLA-critical.