CVE-2025-46149

5.3 MEDIUM

📋 TL;DR

This CVE describes an assertion error vulnerability in PyTorch's nn.Fold module when using the inductor compiler. The vulnerability can cause denial of service by crashing applications that use affected PyTorch functionality. Users running PyTorch with inductor enabled for nn.Fold operations are affected.

💻 Affected Systems

Products:
  • PyTorch
Versions: All versions before 2.7.0
Operating Systems: All platforms running PyTorch
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using nn.Fold with inductor compiler enabled. Default PyTorch configurations may not trigger this issue.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Application crash leading to denial of service in production systems using PyTorch with inductor for nn.Fold operations.

🟠 Likely Case: Development or inference pipeline failures when processing specific tensor shapes with nn.Fold and inductor enabled.

🟢 If Mitigated: Minor development disruption with quick workaround available.

🌐 Internet-Facing: LOW - This is primarily a library/development tool issue, not typically internet-facing.
🏢 Internal Only: MEDIUM - Could affect internal ML pipelines and development workflows.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires specific tensor shapes and inductor usage to trigger assertion error. No known remote exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: PyTorch 2.7.0 and later

Vendor Advisory: https://github.com/pytorch/pytorch/issues/147848

Restart Required: No

Instructions:

1. Upgrade PyTorch to version 2.7.0 or later using pip: 'pip install torch==2.7.0' or 'pip install --upgrade torch'.
2. Verify the fix by testing nn.Fold operations with inductor enabled.

🔧 Temporary Workarounds

Disable inductor for nn.Fold operations

all

Temporarily disable the inductor compiler when using nn.Fold to avoid the assertion error.

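import torch
# Compile with a non-inductor backend so nn.Fold never reaches inductor.
# `model` is a placeholder for the nn.Module that contains nn.Fold.
model = torch.compile(model, backend="eager")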

🧯 If You Can't Patch

  • Avoid using nn.Fold with inductor compiler enabled in production code
  • Implement error handling to catch assertion errors and gracefully degrade functionality

🔍 How to Verify

Check if Vulnerable:

Check if using PyTorch <2.7.0 and test nn.Fold with inductor enabled on problematic tensor shapes.

Check Version:

python -c "import torch; print(torch.__version__)"

Verify Fix Applied:

After upgrading to PyTorch 2.7.0+, test the same nn.Fold operations that previously triggered assertion errors.

📡 Detection & Monitoring

Log Indicators:

  • AssertionError in PyTorch logs
  • Application crashes with PyTorch stack traces mentioning nn.Fold or inductor

Network Indicators:

  • None - this is a local library issue

SIEM Query:

source="*pytorch*" AND ("AssertionError" OR "nn.Fold" OR "inductor")
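
An added example (not from the advisory or the PyTorch project) of tightening the log indicators above: instead of matching any one keyword, it flags only Python tracebacks that both end in AssertionError and contain a frame under torch/_inductor. The log lines, paths and function names are constructed, and the plain-text traceback layout is an assumption about how the application logs.

```python
import re

# Constructed sample log for illustration; not output from the linked issue.
SAMPLE_LOG = """\
2025-01-01 10:00:00 INFO worker-1 loading model
2025-01-01 10:00:01 ERROR worker-1 Traceback (most recent call last):
  File "/app/serve.py", line 42, in predict
    out = compiled_model(x)
  File "/venv/site-packages/torch/_inductor/lowering.py", line 1, in lower
    assert cond
AssertionError
2025-01-01 10:00:02 ERROR worker-2 Traceback (most recent call last):
  File "/app/validate.py", line 7, in check
    assert batch.shape[0] > 0
AssertionError: empty batch
2025-01-01 10:00:03 INFO worker-3 torch.compile backend=inductor warmup done
"""

TRACE_START = "Traceback (most recent call last):"
INDUCTOR_FRAME = re.compile(r'File ".*torch[/\\]_inductor[/\\]')

def traceback_blocks(lines):
    """Yield (start_line, frame_lines, exception_line) per Python traceback."""
    start, frames = None, []
    for no, line in enumerate(lines, 1):
        if TRACE_START in line:
            start, frames = no, []
        elif start is not None:
            if line.startswith(" "):      # indented: frame or source line
                frames.append(line)
            else:                         # first unindented line: the exception
                yield start, frames, line.strip()
                start = None

def inductor_assertions(log_text):
    """Start lines of tracebacks ending in AssertionError that pass through inductor."""
    return [start for start, frames, exc in traceback_blocks(log_text.splitlines())
            if "AssertionError" in exc and any(INDUCTOR_FRAME.search(f) for f in frames)]

def broad_keyword_hits(log_text):
    """Line-level approximation of an OR keyword match, for comparison."""
    terms = ("AssertionError", "nn.Fold", "inductor")
    return [no for no, line in enumerate(log_text.splitlines(), 1)
            if any(t in line for t in terms)]

if __name__ == "__main__":
    print("correlated:", inductor_assertions(SAMPLE_LOG))   # tracebacks worth triage
    print("keyword OR:", broad_keyword_hits(SAMPLE_LOG))    # includes unrelated lines
```

On the sample, the correlated check reports one traceback, while the keyword match also fires on an unrelated application assert and an informational warmup line.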