A critical vulnerability in PyTorch, tracked as CVE-2025-32434, allows attackers to execute malicious code remotely. The flaw lies in the torch.load function when it is called with the weights_only=True parameter, which was previously regarded as a safe way to load models from untrusted sources. This undermines PyTorch's own security guidance, since many organizations and developers had adopted the parameter specifically as a security measure. The vulnerability lets an attacker craft a malicious model file that, when loaded, runs arbitrary code on the victim's system and can lead to total system compromise. It is especially dangerous for machine learning pipelines that automatically download and load models from external sources or collaborative environments.
Source: https://cybersecuritynews.com/critical-pytorch-vulnerability/
"id": "pyt500042125",
"linkid": "pytorch",
"type": "Vulnerability",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"