Main Vulnerability Database Vulnerabilities #VU123582

#VU123582 Improper locking in PyTorch - CVE-2025-63396

Published: March 5, 2026

Vulnerability identifier: #VU123582

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-63396

CWE-ID: CWE-667

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
PyTorch

Software vendor:
pytorch

Description

The vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.

The vulnerability exists due to the omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization. An authenticated local user with physical access to the system can exploit this vulnerability to cause a deadlock, resulting in a denial of service condition.

Remediation

Install updates from vendor's website.

External links

http://pytorch.com
https://github.com/Daisy2ang
https://github.com/pytorch/pytorch
https://github.com/pytorch/pytorch/issues/156563

#VU123582 Improper locking in PyTorch - CVE-2025-63396

Description

Remediation

External links

Please verify you're human