CVE-2025-55557 – A vulnerability in PyTorch v2.7.0 causes a Name... (How to Fix)

Q: What is the severity of CVE-2025-55557?

CVE-2025-55557 has a CVSS score of 7.5 (HIGH). A vulnerability in PyTorch v2.7.0 causes a Name Error when models containing torch.cummin operations are compiled with Inductor, leading to Denial of Service (DoS). This affects applications using PyTorch for machine learning inference or training with specific model architectures. The vulnerability is triggered during model compilation, not during normal execution.

📋 TL;DR

A vulnerability in PyTorch v2.7.0 causes a Name Error when models containing torch.cummin operations are compiled with Inductor, leading to Denial of Service (DoS). This affects applications using PyTorch for machine learning inference or training with specific model architectures. The vulnerability is triggered during model compilation, not during normal execution.

💻 Affected Systems

Products:

PyTorch

Versions: v2.7.0 specifically

Operating Systems: All operating systems running PyTorch

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects models using torch.cummin operation when compiled with Inductor compiler. Standard eager mode execution is not affected.

📦 What is this software?

Pytorch by Linuxfoundation

View all CVEs affecting Pytorch →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption for PyTorch-based applications when processing specific model architectures, causing downtime for ML inference services or training pipelines.

🟠

Likely Case

Intermittent crashes or failures during model compilation phases, disrupting ML workflows and requiring manual intervention to restart processes.

🟢

If Mitigated

Minor service interruptions during development/testing phases with quick recovery through process restart or model modification.

🌐 Internet-Facing: MEDIUM - ML inference APIs could be disrupted if attackers can trigger compilation of malicious models, but requires specific model architecture knowledge.

🏢 Internal Only: MEDIUM - Internal ML training pipelines and development environments could experience disruptions affecting productivity and model deployment timelines.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires ability to submit PyTorch models for compilation with Inductor. Public proof-of-concept exists in GitHub issues. Weaponization likely for targeted DoS attacks against ML services.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in PyTorch v2.7.1 and later

Vendor Advisory: https://github.com/pytorch/pytorch/issues/151738

Restart Required: Yes

Instructions:

1. Update PyTorch using pip: 'pip install --upgrade torch>=2.7.1' 2. Restart all PyTorch-dependent services 3. Recompile any affected models with updated version

🔧 Temporary Workarounds

Disable Inductor Compilation

all

Avoid using Inductor compiler for model compilation to prevent triggering the vulnerability

Set environment variable: export TORCHINDUCTOR=0
Or modify code to avoid torch.compile() with inductor backend

Avoid torch.cummin Operations

all

Temporarily replace torch.cummin with alternative operations in model architectures

Replace torch.cummin() with equivalent torch.cumsum() or manual implementations where possible

🧯 If You Can't Patch

Implement circuit breakers and monitoring for model compilation failures to detect and alert on exploitation attempts
Isolate model compilation services from production inference services to limit blast radius of potential DoS

🔍 How to Verify

Check if Vulnerable:

Check PyTorch version: 'python -c "import torch; print(torch.__version__)"' - if version is exactly 2.7.0 and you use torch.cummin with Inductor compilation, you are vulnerable.

Check Version:

python -c "import torch; print('PyTorch version:', torch.__version__)"

Verify Fix Applied:

After updating, test model compilation with torch.cummin using Inductor: 'torch.compile(model_with_cummin, backend="inductor")' should complete without Name Error.

📡 Detection & Monitoring

Log Indicators:

NameError exceptions during torch.compile() operations
Stack traces containing 'cummin' and 'inductor' in error logs
Increased model compilation failure rates

Network Indicators:

Sudden drops in ML inference service availability
Increased failed API calls to model compilation endpoints

SIEM Query:

source="*pytorch*" AND ("NameError" OR "cummin" OR "inductor") AND severity>=ERROR

📊 Metadata

CVE ID: CVE-2025-55557

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-248

EPSS Score: 0.15% exploit probability (35.4th percentile)

Published: September 25, 2025

Last Updated: October 3, 2025

🔗 References

https://gist.github.com/shaoyuyoung/0e7d2a586297ae9c8ed14d8706749efc Third Party Advisory
https://github.com/pytorch/pytorch/issues/151738 Issue Tracking
https://github.com/pytorch/pytorch/pull/151931 Issue Tracking,Patch
https://github.com/pytorch/pytorch/issues/151738 Issue Tracking

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-55557, you might also want to check these: