CVE-2025-3730

Name: CVE-2025-3730
Creator: NVD / NIST
Published: 2025-04-16T21:15:48.7+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.8/10EPSS 0.27%

Last modified Jun 17, 2026

CVE-2025-3730 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. EPSS estimates a 0.27% chance of exploitation in the next 30 days.

Description

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects.

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 4.0

4.8/10

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.27%

18.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-404

Affected Software

Vendor	Product	Versions
Linuxfoundation	Pytorch	2.6.0

References

https://github.com/pytorch/pytorch/issues/150835Exploit, Issue Tracking, Vendor Advisory
https://github.com/pytorch/pytorch/issues/150835#issue-2979082232Exploit, Issue Tracking, Vendor Advisory
https://github.com/pytorch/pytorch/pull/150981Issue Tracking, Patch
https://github.com/timocafe/tewart-pytorch/commit/46fc5d8e360127361211cb237d5f9eef0223e567Patch
https://vuldb.com/?ctiid.305076Permissions Required, VDB Entry
https://vuldb.com/?id.305076Third Party Advisory, VDB Entry
https://vuldb.com/?submit.553645Exploit, Third Party Advisory, VDB Entry
https://github.com/pytorch/pytorch/issues/150835Exploit, Issue Tracking, Vendor Advisory

Timeline

Published: Apr 16, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-3730?

How severe is CVE-2025-3730?

CVE-2025-3730 has a CVSS score of 4.8/10 (MEDIUM severity). The EPSS model estimates a 0.27% probability of exploitation in the next 30 days.

How do I fix CVE-2025-3730?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-3730?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST