CVE-2025-55560 is a Denial-of-Service (DoS) vulnerability in PyTorch v2.7.0 that occurs when a model uses torch.Tensor.to_sparse followed by torch.Tensor.to_dense and is compiled with the Inductor backend via torch.compile. The upstream fix, a targeted graph-break check, has been merged into the PyTorch development stream and later releases. This tag covers the vulnerability details, affected systems, verification methods, and remediation steps for Windows and cloud operators. Discussions include evaluating the fix's strengths and limitations, as well as practical mitigation strategies for those unable to immediately update PyTorch.
- A newly assigned vulnerability, CVE-2025-55560, identifies a Denial-of-Service (DoS) condition in PyTorch v2.7.0 that can be triggered when a model uses torch.Tensor.to_sparse followed by torch.Tensor.to_dense and is compiled with the Inductor backend (torch.compile). The defect has been tracked...