Main Vulnerability Database Vulnerabilities #VU123582

Improper locking in PyTorch - CVE-2025-63396

Published: March 5, 2026

Vulnerability identifier: #VU123582

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-63396

CWE-ID: CWE-667

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: pytorch

Affected software:
PyTorch

Detailed vulnerability description

The vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.

The vulnerability exists due to the omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization. An authenticated local user with physical access to the system can exploit this vulnerability to cause a deadlock, resulting in a denial of service condition.

How to mitigate CVE-2025-63396

Install updates from vendor's website.

Sources

http://pytorch.com
https://github.com/Daisy2ang
https://github.com/pytorch/pytorch
https://github.com/pytorch/pytorch/issues/156563

Improper locking in PyTorch - CVE-2025-63396

Detailed vulnerability description

How to mitigate CVE-2025-63396

Sources

Please verify you're human