CVE-2025-46149 in PyTorch
Summary
by MITRE • 09/25/2025
In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 09/30/2025
The vulnerability identified as CVE-2025-46149 affects PyTorch versions prior to 2.7.0 and specifically impacts the interaction between the inductor optimization feature and the nn.Fold layer implementation. This issue manifests as an assertion error when the inductor attempts to process operations involving fold operations, creating a critical disruption in model execution pipelines that rely on these components. The inductor represents a key optimization mechanism within PyTorch designed to improve performance by automatically optimizing computational graphs, yet it fails to properly handle certain edge cases within the fold layer functionality.
The technical flaw stems from an assertion failure within the nn.Fold implementation when processed through the inductor optimization path. This assertion error occurs due to improper handling of tensor dimensions or memory layout requirements during the optimization phase. The fold operation in PyTorch is designed to fold sliding local blocks from a batched input into a new sequence, but when combined with inductor optimization, the internal state management or dimension validation fails to account for specific scenarios that arise during the optimization process. This represents a classic software validation error where the assertion logic does not properly account for all possible input configurations that may occur during the optimization phase.
The operational impact of this vulnerability extends beyond simple execution failures, as it can completely prevent model training or inference workflows from completing successfully when fold operations are present in the computational graph. Systems relying on PyTorch for deep learning applications, particularly those involving image processing, signal processing, or any domain requiring sliding window operations, may experience complete service disruption. The vulnerability affects both training and inference scenarios, making it particularly concerning for production environments where model stability is paramount. Organizations using PyTorch models with fold operations may face unexpected downtime, requiring immediate patching or workaround implementations.
Mitigation strategies should prioritize upgrading to PyTorch version 2.7.0 or later, where the assertion error has been resolved through improved handling of the fold operation within the inductor optimization framework. System administrators should also consider implementing temporary workarounds such as disabling the inductor optimization for affected models or using alternative implementations that avoid the problematic fold operations. From a cybersecurity perspective, this vulnerability aligns with CWE-611 (Improper Restriction of XML External Entity Reference) and follows ATT&CK technique T1595.001 (Network Boundary Bridging) in that it can potentially be exploited to cause denial of service conditions in machine learning infrastructure. Organizations should also monitor their PyTorch dependencies and ensure all related packages are updated to prevent similar issues in interconnected systems. The fix implemented in version 2.7.0 likely includes enhanced validation logic and proper dimension handling within the inductor optimization path to prevent the assertion failure from occurring during normal operation.