CVE-2025-2953
PUBLISHED
A vulnerability classified as problematic has been found in PyTorch 2.6.0+cu124. It affects the function torch.mkldnn_max_pool2d. Manipulation leads to denial of service. The attack must be carried out locally. The exploit has been publicly disclosed and may be used. The real existence of this vulnerability is still doubted at the moment. The project's security policy warns against using unknown models, which might have malicious effects.
Risk Scores
EPSS Score: 0.06% (18.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | pytorch | 2.6.0 |
Timeline
- Mar 30, 2025 CVE Published
- Mar 30, 2025 Coalition ESS Score
- Mar 31, 2025 EPSS Score
- Mar 31, 2025 Coalition ESS Score
- Apr 5, 2025 Coalition ESS Score
- Apr 13, 2025 EPSS Score
- Apr 22, 2025 CVE Updated
- Apr 26, 2025 EPSS Score
- May 9, 2025 EPSS Score
- May 22, 2025 EPSS Score
- Jun 4, 2025 EPSS Score
- Jun 7, 2025 Coalition ESS Score
References
- https://github.com/pytorch/pytorch/issues/149274
- https://github.com/pytorch/pytorch/issues/149274#issue-2923122269
- https://nvd.nist.gov/vuln/detail/CVE-2025-2953
- https://vuldb.com/?ctiid.302006
- https://vuldb.com/?id.302006
- https://vuldb.com/?submit.521279
- https://github.com/pytorch/pytorch/blob/main/SECURITY.md#untrusted-models