Description
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Published: 2025-03-20
Score: 2.6 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-6954 Withdrawn Advisory: PyTorch deserialization vulnerability
Github GHSA Github GHSA GHSA-4vmg-rw8f-92f9 Withdrawn Advisory: PyTorch deserialization vulnerability
History

Wed, 18 Jun 2025 16:00:00 +0000

Type Values Removed Values Added
Metrics threat_severity

Low

 threat_severity

None

Tue, 01 Apr 2025 17:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_0

{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_0

{'score': 2.6, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N'}

Tue, 01 Apr 2025 17:15:00 +0000

Type Values Removed Values Added
Title Deserialization of Untrusted Data in pytorch/pytorch pytorch: Deserialization of Untrusted Data in pytorch/pytorch
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 01 Apr 2025 17:00:00 +0000

Type Values Removed Values Added
Description A deserialization vulnerability exists in the Pytorch RPC framework (torch.distributed.rpc) in pytorch/pytorch versions <=2.3.1. The vulnerability arises from the lack of security verification during the deserialization process of PythonUDF objects in pytorch/torch/distributed/rpc/internal.py. This flaw allows an attacker to execute arbitrary code remotely by sending a malicious serialized PythonUDF object, leading to remote code execution (RCE) on the master node. This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Tue, 25 Mar 2025 01:45:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Low

Thu, 20 Mar 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 20 Mar 2025 10:15:00 +0000

Type Values Removed Values Added
Description A deserialization vulnerability exists in the Pytorch RPC framework (torch.distributed.rpc) in pytorch/pytorch versions <=2.3.1. The vulnerability arises from the lack of security verification during the deserialization process of PythonUDF objects in pytorch/torch/distributed/rpc/internal.py. This flaw allows an attacker to execute arbitrary code remotely by sending a malicious serialized PythonUDF object, leading to remote code execution (RCE) on the master node.
Title Deserialization of Untrusted Data in pytorch/pytorch
Weaknesses CWE-502
References
Metrics cvssV3_0

{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Pytorch Pytorch
cve-icon MITRE

Status: REJECTED

Assigner: @huntr_ai

Published:

Updated: 2025-04-01T16:46:40.738Z

Reserved: 2024-08-14T16:45:16.341Z

Link: CVE-2024-7804

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2025-03-20T10:15:37.767

Modified: 2025-04-01T17:15:44.567

Link: CVE-2024-7804

cve-icon Redhat

Severity :

Publid Date: 2025-03-20T10:11:37Z

Links: CVE-2024-7804 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2025-06-20T13:55:53Z

Weaknesses