QwikSec

Security Database

CVE

CWE

Training

CVE-2025-4287

Published: May 5, 2025

Modified: May 6, 2025

PUBLISHED

CVSS v3.1

3.3

LOW

Description

A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as 5827d2061dcb4acd05ac5f8e65d8693a481ba0f5. It is recommended to apply a patch to fix this issue.

Vendor	Product	Versions
n/a	PyTorch	affected `2.6.0+cu124`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

VDB-307394 | PyTorch nccl.py torch.cuda.nccl.reduce denial of service

vdb-entry

technical-description

VDB-307394 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #553644 | pytorch pytorch (in torch.cuda.nccl.reduce) 2.6.0 Denial of Service

third-party-advisory

https://github.com/pytorch/pytorch/issues/150836

issue-tracking

https://github.com/pytorch/pytorch/pull/150923

issue-tracking

https://github.com/pytorch/pytorch/issues/150836#issue-2979097872

exploit

issue-tracking

https://github.com/Divigroup-RAP/PYTORCH/commit/5827d2061dcb4acd05ac5f8e65d8693a481ba0f5

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.