AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-46150: In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.

mediumvulnerability

security

Source: NVD/CVE DatabaseSeptember 25, 2025CVE-2025-46150

Summary

CVE-2025-46150 is a bug in PyTorch (a machine learning framework) versions before 2.7.0 where FractionalMaxPool2d (a function that reduces image dimensions) produces inconsistent results when torch.compile (a performance optimization tool) is used. The issue causes the function to give different outputs under the same conditions, which is problematic for machine learning models that need reproducible, reliable results.

Solution / Mitigation

Upgrade to PyTorch version 2.7.0 or later.

Vulnerability Details

CVSS Score

5.3(medium)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack SophisticationModerate

Impact (CIA+S)

integrity

AI Component TargetedFramework

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-46150

First tracked: February 15, 2026 at 08:37 PM

Classified by LLM (prompt v3) · confidence: 85%