CVE-2025-63396
LowCVSS 3.3Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
In PyTorch versions 2.5 and 2.7.1, omitting profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).
Risk Assessment
An attacker can exploit this vulnerability to crash or hang applications using PyTorch, resulting in service disruption and potential loss of availability.
Recommendation
It is recommended to update PyTorch to a patched version and ensure the profiler is always properly stopped by calling profiler.stop().
Original NVD description (English source)
An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).

