AI description
CVE-2025-32434 is a Remote Command Execution (RCE) vulnerability affecting PyTorch versions 2.5.1 and earlier. It exists in the `torch.load()` function when loading a model with the `weights_only=True` parameter. This parameter was previously believed to provide security, but researchers have demonstrated that attackers can still achieve RCE even when it is enabled. The vulnerability stems from the deserialization of untrusted data. By crafting a malicious model file, an attacker can exploit this flaw to execute arbitrary commands on the target machine. A patch is available in PyTorch version 2.6.0, and users of affected versions are advised to update immediately.
- Description: PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using `torch.load` with `weights_only=True`. This issue has been patched in version 2.6.0.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 9.3
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: CRITICAL
- security-advisories@github.com: CWE-502
- Hype score: Not currently trending
⚠️ A critical vulnerability in PyTorch has been discovered. The vulnerability CVE-2025-32434 (score 9.3) allows malicious code to be executed when an infected AI model is loaded. If you use PyTorch, update to
@KasperskyKSA
6 May 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
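Serious PyTorch vulnerability CVE-2025-32434 fixed: code execution due to a flaw in a security measure https://t.co/tZK7x71L2v A serious RCE vulnerability with a CVSS score of 9.1 has been found in PyTorch, a machine learning library for Python. "weights_only=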
@iototsecnews
5 May 2025
138 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Critical vulnerability in PyTorch detected CVE-2025-32434 (CVSS 9.3) allows attackers to run code remotely when a malicious AI model is loaded. If you use PyTorch, update to the latest version immediately to stay protected. 🔗 Learn more and secure your system: https:/
@KasperskyKSA
28 Apr 2025
154 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
PyTorch, a popular tool for building AI models, turned out to be vulnerable to attacks despite security measures. The bug identified as CVE-2025-32434 allowed malicious code to be executed when loading models: https://t.co/Ji4SCQe0HN #PyTorch #AI #CVE #CVSS #Microsoft http
@infosecmedia_
22 Apr 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerability in pytorch (torch), high severity at CVSS 9.3, resolved in torch >= 2.6.0 CVE-2025-32434 https://t.co/ve7G44hZeS https://t.co/AD6ASuY8oP
@fresta_gg
21 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability (CVE-2025-32434) in PyTorch allows remote code execution even with protections in place. Users should upgrade to 2.6.0 and audit AI models for safety. ⚠️ #PyTorch #AIModels #USA link: https://t.co/ukQSjsbUQ0 https://t.co/gXo1K4yNsS
@TweetThreatNews
21 Apr 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical RCE vulnerability (CVE-2025-32434) has been found in PyTorch ≤2.5.1, affecting the torch.load() function. Users should update to version 2.6.0 immediately. ⚠️ #PyTorchUpdate #RemoteCode #USA link: https://t.co/t2VcewJQbW https://t.co/XdRbtVphAL
@TweetThreatNews
21 Apr 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability in PyTorch. CVE-2025-32434 is a remote code execution with a CVSS score of 9.3. It manifests when a crafted model file is handled by torch.load() with weights_only=True. Fixed in version 2.6.0. https://t.co/62GqSLH4Ou
@__kokumoto
21 Apr 2025
6625 Impressions
28 Retweets
65 Likes
28 Bookmarks
0 Replies
0 Quotes
Critical PyTorch Vulnerability CVE-2025-32434 Allows Remote Code Execution https://t.co/T7JmseLUkj
@Dinosn
21 Apr 2025
2457 Impressions
3 Retweets
19 Likes
5 Bookmarks
0 Replies
1 Quote
🚨 CVE-2025-32434 ⚠️🔴 CRITICAL (9.3) 🏢 pytorch - pytorch 🏗️ < 2.6.0 🔗 https://t.co/3CXH8n7NHn #CyberCron #VulnAlert #InfoSec https://t.co/mlq7tLQyL3
@cybercronai
19 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-32434 Remote Command Execution in PyTorch Before 2.6.0 via Torch Load Mechanism https://t.co/wJsyOveSwF
@VulmonFeeds
19 Apr 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes