CVE-2025-32434

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.
Configurations

Configuration 1

cpe:2.3:a:linuxfoundation:pytorch:*:*:*:*:*:python:*:*

History

28 May 2025, 13:14

| Type | Values Removed | Values Added |
|---|---|---|
| Summary | | (es) PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a remote command execution (RCE) vulnerability existed in PyTorch when loading a model using torch.load with weights_only=True. This issue has been fixed in version 2.6.0. |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 9.8 |
| References | https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6 | https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6 - Vendor Advisory |
| First Time | | Linuxfoundation; Linuxfoundation pytorch |
| CPE | | cpe:2.3:a:linuxfoundation:pytorch:*:*:*:*:*:python:*:* |

18 Apr 2025, 16:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2025-04-18 16:15

Updated : 2025-05-28 13:14


NVD link : CVE-2025-32434

Mitre link : CVE-2025-32434

CVE.ORG link : CVE-2025-32434


Products Affected

linuxfoundation

  • pytorch
CWE
CWE-502

Deserialization of Untrusted Data