PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

...

The vulnerability of the torch.load() function in the PyTorch machine learning framework allows a hacker to execute arbitrary code.

The vulnerability of the torch.load function in the PyTorch machine learning framework is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

Denial Of Service (DoS)

PyTorch is vulnerable to Denial of Service DoS. The vulnerability is due to improper input handling in the torch.nn.functional.ctcloss function, which can be exploited locally to trigger a crash...

GHSA-GGPF-24JW-3FCW CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0

Description https://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54 reported a vulnerability where loading a malicious model could result in code execution on the vllm host. The fix applied to specify weightsonly=True to calls to torch.load did not solve the problem prior to...

CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0

Description https://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54 reported a vulnerability where loading a malicious model could result in code execution on the vllm host. The fix applied to specify weightsonly=True to calls to torch.load did not solve the problem prior to...

BIT-PYTORCH-2025-32434 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

CVE-2025-32434

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

PYSEC-2025-41

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

PYSEC-2025-41

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

DEBIAN-CVE-2025-32434

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

AZL-60877 CVE-2025-32434 affecting package pytorch for versions less than 2.2.2-6

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

AZL-60880 CVE-2025-32434 affecting package pytorch for versions less than 2.0.0-8

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

CVE-2025-32434 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

CVE-2025-32434

PyTorch contains a Remote Command Execution (RCE) vulnerability in versions 2.5.1 and earlier when loading a model with torch.load and weights_only=True. The issue is publicly documented and has been patched in version 2.6.0. External notices reiterate that upgrading to 2.6.0+ mitigates the flaw;...

CVE-2025-32434 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

CVE-2025-32434 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

CVE-2025-32434

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

GHSA-53Q9-R3PM-6PQ6 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

Description I found a Remote Command Execution RCE vulnerability in PyTorch. When loading model using torch.load with weightsonly=True, it can still achieve RCE. Background knowledge https://github.com/pytorch/pytorch/security As you can see, the PyTorch official documentation considers using...

PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

Description I found a Remote Command Execution RCE vulnerability in PyTorch. When loading model using torch.load with weightsonly=True, it can still achieve RCE. Background knowledge https://github.com/pytorch/pytorch/security As you can see, the PyTorch official documentation considers using...

PyTorch 代码问题漏洞

PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a remote command execution vulnerability that can be exploited by an attacker to execute arbitrary commands on a system...