AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-46153: PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency wit

mediumvulnerability

security

Source: NVD/CVE DatabaseSeptember 25, 2025CVE-2025-46153

Summary

PyTorch versions before 3.7.0 have a bug in the bernoulli_p decompose function (a mathematical operation used in the dropout layers) that doesn't work the same way as the main CPU implementation, causing problems with nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d when fallback_random=True (a setting that uses random number generation as a backup method).

Vulnerability Details

CVSS Score

5.3(medium)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack SophisticationModerate

Impact (CIA+S)

integrity

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-1176

Affected Vendors

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-46153

First tracked: February 15, 2026 at 08:37 PM

Classified by LLM (prompt v3) · confidence: 85%