Vulnerability Description
PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Pytorch | >= 2.6.0, < 2.7.0 |
Related Weaknesses (CWE)
References
- https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248aThird Party Advisory
- https://gist.github.com/shaoyuyoung/e636f2e7a306105b7e96809e2b85c28aThird Party Advisory
- https://github.com/pytorch/pytorch/compare/v2.6.0...v2.7.0Product
- https://github.com/pytorch/pytorch/issues/142853Issue Tracking
- https://github.com/pytorch/pytorch/pull/143460Issue TrackingPatch
FAQ
What is CVE-2025-46153?
CVE-2025-46153 is a vulnerability with a CVSS score of 5.3 (MEDIUM). PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d,...
How severe is CVE-2025-46153?
CVE-2025-46153 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-46153?
Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Pytorch.