A major security flaw has been found in PyTorch, an open-source machine learning framework, affecting all versions up to and including 2.5.1. The flaw, identified as CVE-2025-32434, allows attackers to execute code remotely on systems that load AI models, even with protective measures enabled. It is located in the torch.load() function: any application, research tool, or cloud service that calls torch.load() on an unpatched version of PyTorch is vulnerable. The vulnerability may grant full control over the attacked system and has been classified as critical due to its low complexity and high impact. All users are urged to upgrade immediately to PyTorch 2.6.0.
Source: https://thecyberexpress.com/pytorch-vulnerability-cve-2025-32434/
TPRM report: https://scoringcyber.rankiteo.com/company/pytorch
{
  "id": "pyt500042125",
  "linkid": "pytorch",
  "type": "Vulnerability",
  "date": "4/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'attack_vector': 'Remote Code Execution',
'impact': {'systems_affected': ['Any application, research tool, or cloud '
'service that employs torch.load() using the '
'unpatched versions of PyTorch']},
'recommendations': ['Upgrade to PyTorch 2.6.0'],
'response': {'remediation_measures': ['Upgrade to PyTorch 2.6.0']},
'title': 'PyTorch Remote Code Execution Vulnerability',
'type': 'Vulnerability Exploit',
'vulnerability_exploited': 'CVE-2025-32434'}