AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-3730: A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.func

lowvulnerability

security

Source: NVD/CVE DatabaseApril 16, 2025CVE-2025-3730

Summary

PyTorch 2.6.0 contains a vulnerability in the torch.nn.functional.ctc_loss function (a component used for speech recognition tasks) that can cause denial of service (making the system unavailable). The vulnerability requires local access to exploit and has been publicly disclosed, though its actual existence is still uncertain.

Solution / Mitigation

Apply patch 46fc5d8e360127361211cb237d5f9eef0223e567. The project's security policy also recommends avoiding unknown models, which could have malicious effects.

Vulnerability Details

CVSS Score

3.3(low)

EPSS (30-day exploit probability)

EPSS: 0.2%

Classification

Attack Type

DoS

Attack SophisticationModerate

Impact (CIA+S)

availability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-404

Affected Vendors

Related Issues

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

Similar attackNVD/CVE Database

low

CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p

First tracked: February 15, 2026 at 08:37 PM

Classified by LLM (prompt v3) · confidence: 85%