CVE-2025-63396

LOW3.3EPSS 0.03%

發布日:2025/11/12修改日:2026/5/21

描述

An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).

受影響套件(3)

Bitnami/pytorch>= 2.5.0, < 2.5.1, >= 2.7.1, < 2.8.0
Debian/pytorchfrom 0
PyPI/torchfrom 0, <= 2.5.0-NA, <= 2.7.1-NA

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	LOW3.3	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

參考連結(6)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-63396
PATCHhttps://github.com/pytorch/pytorch
REPORThttps://github.com/pytorch/pytorch/issues/156563
WEBhttp://pytorch.com
WEBhttps://github.com/Daisy2ang
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2025-63396