CVE-2025-55560 — HIGH (CVSS 7.5) AI Security Vulnerability

An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
pytorch	pip	—	No patch

Do you use pytorch? You're affected.

Severity & Risk

CVSS 3.1

7.5 / 10

EPSS

N/A

KEV Status

Not in KEV

Sophistication

N/A

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.

Weaknesses (CWE)

CWE-400

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc
3rd Party
github.com/pytorch/pytorch/issues/151522
Issue
github.com/pytorch/pytorch/pull/151897
Issue Patch

Timeline

Published

September 25, 2025

Last Modified

October 14, 2025

First Seen

September 25, 2025