CVE-2025-3136

low-risk

Published 2025-04-03

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Do I need to act?

0.15% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.3/10 Low

LOCAL / LOW complexity

Affected Products (1)

Pytorch

Affected Vendors

Linuxfoundation

References (7)

Exploit https://github.com/pytorch/pytorch/issues/149821

Exploit https://github.com/pytorch/pytorch/issues/149821#issue-2940838975

Exploit https://github.com/pytorch/pytorch/issues/149821#issuecomment-2765311086

Permissions Required https://vuldb.com/?ctiid.303041

Third Party Advisory https://vuldb.com/?id.303041

Exploit https://vuldb.com/?submit.525252

Not Applicable https://github.com/ARPANET-cybersecurity/vuldb/issues/2

/ 100

low-risk

Severity 13/34 · Low

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal