A major security flaw has been found in PyTorch, an open-source machine learning framework, affecting all versions up to and including 2.5.1. Tracked as CVE-2025-32434, the flaw allows attackers to execute code remotely on systems that load AI models, even with protective measures enabled. It is located in the torch.load() function, so any application, research tool, or cloud service that calls torch.load() on an unpatched version of PyTorch is vulnerable. The vulnerability may grant full control over the attacked system and has been classified as critical due to its low complexity and high impact. All users are urged to upgrade immediately to PyTorch 2.6.0.
Source: https://thecyberexpress.com/pytorch-vulnerability-cve-2025-32434/
"id": "pyt500042125",
"linkid": "pytorch",
"type": "Vulnerability",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"