AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-55552: pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are us

highvulnerability

security

Source: NVD/CVE DatabaseSeptember 25, 2025CVE-2025-55552

Summary

PyTorch v2.8.0 has a vulnerability (CVE-2025-55552) where two functions, torch.rot90 (which rotates arrays) and torch.randn_like (which generates random numbers matching a given shape), behave unexpectedly when used together, possibly due to integer overflow or wraparound (where numbers wrap around to negative values instead of staying large).

Vulnerability Details

CVSS Score

7.5(high)

EPSS (30-day exploit probability)

EPSS: 0.1%

Classification

Attack SophisticationModerate

Impact (CIA+S)

integrity

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-190 CWE-682

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-55552

First tracked: February 15, 2026 at 08:37 PM

Classified by LLM (prompt v3) · confidence: 85%