CVE-2025-4287

low-risk

Published 2025-05-05

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. It is recommended to apply a patch to fix this issue.

Do I need to act?

0.08% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.3/10 Low

LOCAL / LOW complexity

References (7)

https://github.com/Divigroup-RAP/PYTORCH/commit/5827d2061dcb4acd05ac5f8e65d8693a...

https://github.com/pytorch/pytorch/issues/150836

https://github.com/pytorch/pytorch/issues/150836#issue-2979097872

https://github.com/pytorch/pytorch/pull/150923

https://vuldb.com/?ctiid.307394

https://vuldb.com/?id.307394

https://vuldb.com/?submit.553644

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal