CVE-2025-55552
Published: 25 September 2025
Summary
CVE-2025-55552 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Linux Foundation PyTorch. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Runtime Data Manipulation (T1565.003). The CVE is ranked at the 35.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under Deep Learning Frameworks, in the Data-Related Vulnerabilities risk domain.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-31133
Vulnerability details
PyTorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
- CWE(s)
AI Security Analysis
- AI Category: Deep Learning Frameworks
- Risk Domain: Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: pytorch
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability causes silent incorrectness and unexpected behavior in PyTorch model compilation with Inductor, leading to incorrect outputs that facilitate runtime data manipulation.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.