CVE-2025-46152

5.3 MEDIUM

📋 TL;DR

A vulnerability in PyTorch's bitwise_right_shift function produces incorrect output when given out-of-bounds values for the 'other' argument. This could lead to incorrect calculations in machine learning models or data processing pipelines. Users of PyTorch versions before 2.7.0 are affected.

💻 Affected Systems

Products:
  • PyTorch
Versions: All versions before 2.7.0
Operating Systems: All platforms running PyTorch
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects code using the bitwise_right_shift function with problematic input values.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Incorrect model outputs leading to wrong decisions in critical systems like autonomous vehicles, medical diagnostics, or financial predictions.

🟠 Likely Case: Subtle calculation errors in machine learning pipelines causing degraded model performance or unexpected behavior.

🟢 If Mitigated: Limited impact if proper input validation and error handling are implemented in application code.

🌐 Internet-Facing: LOW - This is primarily a library function vulnerability requiring specific usage patterns.
🏢 Internal Only: MEDIUM - Data processing pipelines and ML models could produce incorrect results affecting business logic.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires control over the 'other' argument passed to bitwise_right_shift function calls.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: PyTorch 2.7.0 and later

Vendor Advisory: https://github.com/pytorch/pytorch/issues/143555

Restart Required: No

Instructions:

1. Update PyTorch using pip: 'pip install torch==2.7.0' or 'pip install --upgrade torch'.
2. Verify the update with 'pip show torch'.
3. Test affected code to ensure proper behavior.

🔧 Temporary Workarounds

Input validation wrapper (applies to: all platforms)

Wrap bitwise_right_shift calls with validation to ensure the 'other' argument is within bounds (a valid shift count is 0 up to one less than the bit width of the input dtype; 'other' may be a Python int or a tensor):

import torch

def safe_bitwise_right_shift(tensor, other):
    bits = tensor.element_size() * 8  # valid shift counts are 0..bits-1
    other_t = torch.as_tensor(other)  # accept a Python int or a tensor
    if bool(((other_t < 0) | (other_t >= bits)).any()):
        raise ValueError('other argument out of bounds')
    return torch.bitwise_right_shift(tensor, other)

🧯 If You Can't Patch

  • Implement input validation for all bitwise_right_shift calls to ensure 'other' argument is within valid range
  • Add monitoring for unexpected outputs from models using bitwise operations

🔍 How to Verify

Check if Vulnerable:

Check the PyTorch version with 'python -c "import torch; print(torch.__version__)"' and verify that it is below 2.7.0.

Check Version:

python -c "import torch; print(torch.__version__)"

Verify Fix Applied:

After updating, test bitwise_right_shift with the edge cases (out-of-bounds 'other' values) that previously produced incorrect output.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected errors or warnings from PyTorch bitwise operations
  • Model performance degradation without clear cause

Network Indicators:

  • None - this is a local computation vulnerability

SIEM Query:

Search for Python/PyTorch error logs containing 'bitwise_right_shift' or related bitwise operation errors
