CVE-2025-46153

PYSEC-2025-202 · BIT-pytorch-2025-46153 · CVE-2025-46153

Published Sep 25, 2025 · Modified May 20, 2026

Description

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.

References

WEB https://github.com/pytorch/pytorch/compare/v2.6.0...v2.7.0
ADVISORY https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a
ADVISORY https://gist.github.com/shaoyuyoung/e636f2e7a306105b7e96809e2b85c28a
REPORT https://github.com/pytorch/pytorch/issues/142853
FIX https://github.com/pytorch/pytorch/pull/143460

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes