CVE-2025-46153

Sept. 26, 2025, 2:32 p.m.

5.3
Medium

Description

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.

Product(s) Impacted

Vendor Product Versions
Pytorch
  • Pytorch
  • <3.7.0

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1176
Inefficient CPU Computation
The product performs CPU computations using algorithms that are not as efficient as they could be for the needs of the developer, i.e., the computations can be optimized further.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a pytorch pytorch <3.7.0 / / / / / / /

References

https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a
https://gist.github.com/shaoyuyoung/e636f2e7a306105b7e96809e2b85c28a
https://github.com/pytorch/pytorch/compare/v2.6.0...v2.7.0
https://github.com/pytorch/pytorch/issues/142853
https://github.com/pytorch/pytorch/pull/143460

Tags

cve@mitre.org
2025-09-25
CVE-2025-46153
CWE-1176

CVSS Score

5.3 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

    View Vector String

Timeline

Published: Sept. 25, 2025, 3:16 p.m.
Last Modified: Sept. 26, 2025, 2:32 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.