CVE-2025-46153 in PyTorchinfo

Summary

by MITRE • 09/25/2025

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 09/30/2025

The vulnerability identified as CVE-2025-46153 affects PyTorch versions prior to 3.7.0 and stems from an inconsistency in the bernoulli_p decompose function within the decompositions.py file. This function, while present in the decomposition framework, fails to maintain full compatibility with the eager CPU implementation that is used during normal execution paths. The issue specifically impacts the dropout operations nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d when the fallback_random parameter is set to True, creating a scenario where the behavior of these neural network components diverges between decomposition and eager execution modes.

The technical flaw manifests in the decomposition system's bernoulli_p function which is designed to provide mathematical equivalence between different execution contexts. However, the implementation contains discrepancies that become apparent when fallback_random=True is specified, causing these dropout layers to behave differently than expected. This inconsistency creates a potential attack surface where adversarial inputs could exploit the behavioral differences between the two execution modes, particularly in scenarios where the decomposition path is triggered instead of the standard eager execution path.

From an operational impact perspective, this vulnerability affects machine learning applications that rely on PyTorch's dropout functionality for regularization and preventing overfitting. When fallback_random=True is enabled, the dropout layers may not function as intended, potentially leading to inconsistent model behavior during training and inference phases. The risk is particularly elevated in production environments where models are deployed with specific dropout configurations that depend on consistent random behavior across different execution paths. This inconsistency could result in reduced model performance, unexpected training dynamics, or even complete model failure in certain deployment scenarios.

The vulnerability aligns with CWE-691, which addresses insufficient control flow management in software systems, and can be mapped to ATT&CK technique T1588.002 for the development of exploit code targeting software vulnerabilities. Organizations using PyTorch versions before 3.7.0 should prioritize upgrading to the patched release to ensure consistent behavior across all execution paths. Additionally, security teams should monitor for potential exploitation attempts that might leverage this inconsistency to manipulate model training processes or create unexpected behavior in deployed neural network applications. The recommended mitigation strategy involves immediate patch deployment along with verification of model behavior in environments where fallback_random=True is utilized, ensuring that all dropout operations maintain consistent randomization patterns across both eager and decomposition execution modes.

Responsible

MITRE

Reservation

04/22/2025

Disclosure

09/25/2025

Moderation

accepted

CPE

ready

EPSS

0.00391

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!