Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading
Summary A critical arbitrary code execution vulnerability exists in HuggingFace Transformers' Trainer class. The _load_rng_state method at src/transformers/trainer.py:3059 calls torch.load without the weights_only=True parameter. While a safe_globals context manager wraps this call, it provides no...
BIT-PYTORCH-2025-63396
An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop can cause torch.profiler.profile PythonTracer to crash or hang during finalization, leading to a Denial of Service (DoS)...
GHSA-46H3-79WF-XR6C Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.attrgetter
Summary Picklescan does not flag operator.attrgetter, a built-in Python library function that can be abused to execute code from remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the operator.attrgetter function in the __reduce__ method. - Then,...
GHSA-X843-G5MX-G377 Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller
Summary Picklescan does not flag operator.methodcaller, a built-in Python library function that can be abused to execute code from remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the operator.methodcaller function in the __reduce__ method. - Then,...
Picklescan missing detection when calling pty.spawn
Summary Picklescan does not flag pty.spawn, a built-in Python library function that can execute arbitrary commands on the host system. Details The attack payload executes in the following steps: First, the attacker crafts the payload by calling the pty.spawn function in the __reduce__ method. Then the victim attempts ...
GHSA-9PF3-7RRR-X5JH lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
Summary An insecure deserialization vulnerability exists in lmdeploy where torch.load is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute arbitrary code on the victim's machine when they load a malicious .bin or .pt model file...
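The Transformers, lmdeploy and Picklescan entries above all come down to one mechanism: a pickle stream can name any importable global and have the loader call it. The following is an added example (not code from any advisory listed here) that shows the payload side, the allowlisting unpickler that weights_only=True is built on, and what a static opcode scan sees. Plain pickle stands in for torch.load, since a .pt/.bin checkpoint is a zip whose data.pkl is an ordinary pickle stream; the SAFE_GLOBALS allowlist and the marker the payload sets are assumptions for the demo, and the payload is deliberately harmless.

```python
"""Added example, not code from any advisory on this page: why torch.load()
without weights_only=True is arbitrary code execution, what the allowlisting
unpickler behind weights_only=True actually does, and what a static scanner
sees. Plain pickle stands in for torch.load; the mechanism is identical."""
import collections
import io
import pickle
import pickletools
import sys


class Payload:
    """Constructed malicious object. __reduce__ tells the unpickler to call
    builtins.exec(<source>) while loading. The source only sets a marker
    attribute on sys so this demo is harmless; a real payload would spawn a
    shell (os.system, pty.spawn, ...) exactly the same way."""

    def __reduce__(self):
        return (exec, ("import sys\nsys.pickle_payload_ran = True",))


def build_malicious_blob() -> bytes:
    # Protocol 4 emits globals as STACK_GLOBAL; protocol 2 (used by torch.save)
    # emits GLOBAL instead. The scanner below handles both.
    return pickle.dumps(Payload(), protocol=4)


def build_benign_blob() -> bytes:
    # Constructed stand-in for a state_dict: references only collections.OrderedDict.
    return pickle.dumps(collections.OrderedDict(weight=[1.0, 2.0]), protocol=4)


def unsafe_load(blob: bytes):
    """torch.load(path) with weights_only left at its pre-2.6 default: every
    global named in the stream is imported and may be called via REDUCE."""
    return pickle.loads(blob)


# Allowlist of (module, name) pairs a checkpoint legitimately needs. Assumed for
# this demo; torch ships its own list for weights_only=True and
# torch.serialization.safe_globals extends it. Neither has any effect on a
# torch.load call that never uses the weights-only unpickler.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
}


class AllowlistUnpickler(pickle.Unpickler):
    """Analogue of weights_only=True. find_class is the single hook through
    which a stream resolves a global, so refusing unknown names refuses every
    reduce-based callable, attrgetter/methodcaller/pty.spawn included."""

    def find_class(self, module, name):
        if (module, name) not in SAFE_GLOBALS:
            raise pickle.UnpicklingError(f"Unsupported global: {module}.{name}")
        return super().find_class(module, name)


def safe_load(blob: bytes):
    return AllowlistUnpickler(io.BytesIO(blob)).load()


def referenced_globals(blob: bytes) -> list:
    """Static scan with pickletools: list every global the stream would import,
    without executing anything. GLOBAL carries 'module name' as its argument;
    STACK_GLOBAL consumes the two strings pushed just before it (heuristic:
    the two most recent string constants, which matches what pickle emits)."""
    found, strings = [], []
    string_ops = ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
                  "STRING", "BINSTRING", "SHORT_BINSTRING")
    for op, arg, _pos in pickletools.genops(blob):
        if op.name in string_ops:
            strings.append(arg)
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            found.append((strings[-2], strings[-1]))
    return found


def run_demo() -> dict:
    blob = build_malicious_blob()
    results = {"scan": referenced_globals(blob)}
    try:
        safe_load(blob)
        results["safe_load"] = "loaded"
    except pickle.UnpicklingError as e:
        results["safe_load"] = f"rejected: {e}"
    unsafe_load(blob)  # the payload runs here, before any object is returned
    results["payload_ran"] = getattr(sys, "pickle_payload_ran", False)
    results["benign_safe_load"] = dict(safe_load(build_benign_blob()))
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The scan is the easy part; the hard part, which the three Picklescan advisories illustrate, is that a denylist of dangerous names has to anticipate every stdlib callable that can be chained into execution. An allowlist in find_class has no such gap, which is why the fix in every torch.load entry on this page is the same: pass weights_only=True and, if a checkpoint genuinely needs extra classes, add them via safe_globals rather than disabling the restriction.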
PyTorch torch.lstm_cell memory corruption
...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in PyTorch [CVE-2025-3730]
Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in PyTorch, caused by a flaw in PyTorch 2.6.0 that affects the function torch.nn.functional.ctc CVE-2025-3730. PyTorch is used in our service runtimes. This vulnerability has been addressed...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in PyTorch [CVE-2025-2953]
Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in PyTorch, due to an issue found in PyTorch 2.6.0+cu124 that affects the function torch.mkldnn_max_pool2d CVE-2025-2953. PyTorch is used in our service runtimes. This vulnerability has been...
filelock has a TOCTOU race condition which allows symlink attacks during lock file creation
Impact A Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation where filelock checks if a file exists before opening it with O_TRUNC. An attack...
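The check-then-truncate race in the filelock entry, reproduced as an added example that is not filelock's own code. The vulnerable function takes a race_hook that stands in for an attacker winning the window between the existence check and the open; the hardened version has no check at all and relies on O_CREAT|O_EXCL (plus O_NOFOLLOW where the platform offers it). The victim file, lock paths and attacker are constructed in a temporary directory, and a POSIX host where os.symlink needs no privilege is assumed; the Windows side of the advisory is not covered.

```python
"""Added example, not filelock's own code: the check-then-truncate race the
filelock advisory describes, next to an atomic create that closes it.
Assumes a POSIX host; all paths and the 'attacker' are constructed here."""
import errno
import os
import tempfile


def vulnerable_create_lock(lock_path: str, race_hook=None) -> bool:
    """The pattern in the advisory: test whether the lock file exists, then
    open it with O_TRUNC. race_hook simulates an attacker who wins the race
    between those two calls by replacing lock_path with a symlink; O_TRUNC
    then empties whatever the symlink points at."""
    if os.path.exists(lock_path):
        return False
    if race_hook is not None:
        race_hook(lock_path)  # attacker acts inside the TOCTOU window
    fd = os.open(lock_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
    os.close(fd)
    return True


def hardened_create_lock(lock_path: str) -> bool:
    """No separate existence check, so no window. O_CREAT|O_EXCL makes the
    kernel fail with EEXIST if anything already occupies the name, and POSIX
    specifies that a symlink counts regardless of its target. O_NOFOLLOW,
    where available, additionally refuses to traverse a symlink (ELOOP)."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(lock_path, flags, 0o644)
    except OSError as e:
        if e.errno in (errno.EEXIST, getattr(errno, "ELOOP", -1)):
            return False
        raise
    os.close(fd)
    return True


VICTIM_CONTENT = "important data"  # constructed; 14 bytes


def run_demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.txt")

        def reset_victim():
            with open(victim, "w") as f:
                f.write(VICTIM_CONTENT)

        def attacker_plants_symlink(path):
            os.symlink(victim, path)  # lock name now points at the victim

        results = {}
        reset_victim()
        vulnerable_create_lock(os.path.join(d, "a.lock"),
                               race_hook=attacker_plants_symlink)
        results["victim_size_after_vulnerable"] = os.path.getsize(victim)

        reset_victim()
        lock_b = os.path.join(d, "b.lock")
        attacker_plants_symlink(lock_b)  # no race needed: plant it any time
        results["hardened_refused_symlink"] = not hardened_create_lock(lock_b)
        results["victim_size_after_hardened"] = os.path.getsize(victim)
        results["hardened_fresh_lock"] = hardened_create_lock(
            os.path.join(d, "c.lock"))
        return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The takeaway is that the existence check is not merely redundant but harmful: it is what creates the window. Any create-if-absent operation on a path an unprivileged user can write to (lock files, temp files, sockets in /tmp) should be a single O_CREAT|O_EXCL open whose EEXIST result is the "already locked" signal.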
CVE-2025-55560 affecting package pytorch for versions less than 2.0.0-11
CVE-2025-55560 affecting package pytorch for versions less than 2.0.0-11. A patched version of the package is available...
CVE-2025-46152 affecting package pytorch for versions less than 2.2.2-9
CVE-2025-46152 affecting package pytorch for versions less than 2.2.2-9. A patched version of the package is available...
CVE-2025-55560 affecting package pytorch for versions less than 2.2.2-9
CVE-2025-55560 affecting package pytorch for versions less than 2.2.2-9. A patched version of the package is available...
CVE-2025-55552 affecting package pytorch for versions less than 2.0.0-10
CVE-2025-55552 affecting package pytorch for versions less than 2.0.0-10. A patched version of the package is available...
CVE-2025-55552 affecting package pytorch for versions less than 2.2.2-8
CVE-2025-55552 affecting package pytorch for versions less than 2.2.2-8. A patched version of the package is available...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses torch - 2.2.0+cpu which is vulnerable to CVE-2025-32434.
Summary IBM Maximo Application Suite - Monitor Component uses torch - 2.2.0+cpu which is vulnerable to CVE-2025-32434. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-32434 DESCRIPTION: PyTorch is a Python package that provides tensor...
Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code
Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary code by loading untrusted PyTorch models, effectively bypassing the tool's protections. Picklescan, developed and maintained by Matthieu Maitre...
Debian dla-4389 : libtorch-dev - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4389 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4389-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DLA 4389-1] pytorch security update
Debian LTS Advisory DLA-4389-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert December 01, 2025 https://wiki.debian.org/LTS Package : pytorch Version : 1.7.1-7+deb11u1 CVE ID : CVE-2025-32434 A possible remote code execution RCE vulnerability has been discovered i...