Remove pycld3 dependency and update torch to version 2.8.0 (MINDBREEZE35379)
ID: MINDBREEZE35379
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 9.8 Critical
Status: Final
First published: December 12, 2025
CVEs: CVE-2025-3001, CVE-2025-32434, CVE-2025-3000, CVE-2025-3136, CVE-2025-2998, CVE-2025-3121, CVE-2025-2149, CVE-2025-2999, CVE-2025-4287, CVE-2025-2148, CVE-2025-46150, CVE-2025-46152, CVE-2025-46153, CVE-2025-55560, CVE-2025-55553, CVE-2025-55557, CVE-2025-46149
Summary
Multiple security vulnerabilities in PyTorch:
- CVE-2025-4287 - A vulnerability was found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.cuda.nccl.reduce of the file torch/cuda/nccl.py.
- CVE-2025-3136 - A vulnerability has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete.
- CVE-2025-3121 - A vulnerability has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer.
- CVE-2025-3001 - A vulnerability was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell.
- CVE-2025-3000 - A vulnerability has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption.
- CVE-2025-2999 - A vulnerability was found in PyTorch 2.6.0. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption.
- CVE-2025-2998 - A vulnerability was found in PyTorch 2.6.0. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory corruption.
- CVE-2025-2149 - A vulnerability was found in PyTorch 2.6.0+cu124. Affected by this issue is the function nnq_Sigmoid of the component Quantized Sigmoid Module.
- CVE-2025-2148 - A vulnerability was found in PyTorch 2.6.0+cu124. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler.
- CVE-2025-46149 - In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.
- CVE-2025-32434 - In PyTorch version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists when loading a model using torch.load with weights_only=True.
- CVE-2025-46150 - In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.
- CVE-2025-46152 - In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.
- CVE-2025-46153 - PyTorch before 2.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.
- CVE-2025-55560 - An issue in PyTorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
- CVE-2025-55553 - A syntax error in the component proxy_tensor.py of PyTorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
- CVE-2025-55557 - A Name Error occurs in PyTorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).
Hotfix Information
Fixed in the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
- Mindbreeze InSpire 25.7 Release
- Mindbreeze InSpire SaaS 25.7 Release