CVE-2025-55557: A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading
highvulnerability
security
Summary
PyTorch version 2.7.0 has a bug where a name error occurs when a model uses torch.cummin (a function that finds cumulative minimum values) and is compiled by Inductor (PyTorch's compiler for optimizing code). This causes a Denial of Service (DoS, where a system becomes unavailable to users).
Vulnerability Details
CVSS Score
7.5(high)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
DoS
Attack SophisticationModerate
Impact (CIA+S)
availability
AI Component TargetedFramework
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Related Issues
mediumlow
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
Similar attackNVD/CVE Database
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Similar attack
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-55557
First tracked: February 15, 2026 at 08:37 PM
Classified by LLM (prompt v3) · confidence: 85%