CVE-2025-32434

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

CVE-2025-32434 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

CVE-2025-32434 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

CVE-2025-32434

PyTorch contains a Remote Command Execution (RCE) vulnerability in versions 2.5.1 and earlier when loading a model with torch.load and weights_only=True. The issue is publicly documented and has been patched in version 2.6.0. External notices reiterate that upgrading to 2.6.0+ mitigates the flaw;...

CVE-2025-32434 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

CVE-2025-32434

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model using torch.load with...

PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

Description I found a Remote Command Execution RCE vulnerability in PyTorch. When loading model using torch.load with weightsonly=True, it can still achieve RCE. Background knowledge https://github.com/pytorch/pytorch/security As you can see, the PyTorch official documentation considers using...

GHSA-53Q9-R3PM-6PQ6 PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

Description I found a Remote Command Execution RCE vulnerability in PyTorch. When loading model using torch.load with weightsonly=True, it can still achieve RCE. Background knowledge https://github.com/pytorch/pytorch/security As you can see, the PyTorch official documentation considers using...

PyTorch 代码问题漏洞

PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a remote command execution vulnerability that can be exploited by an attacker to execute arbitrary commands on a system...

PT-2025-39413

Name of the Vulnerable Software and Affected Versions pytorch version 2.8.0 Description An integer overflow exists in the torch.nan to num-.long component. The issue involves an integer overflow that could potentially lead to unexpected behavior or crashes. Recommendations At the moment, there is...

PT-2025-39423

Name of the Vulnerable Software and Affected Versions pytorch version 2.7.0 Description A flaw exists in pytorch that can result in a Denial of Service DoS. This occurs when a PyTorch model incorporates both torch.Tensor.to sparse and torch.Tensor.to dense and is compiled using Inductor. The issu...

GHSA-887C-MR87-CXWP PyTorch Improper Resource Shutdown or Release vulnerability

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctcloss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed ...

PyTorch Improper Resource Shutdown or Release vulnerability

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctcloss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed ...

AZL-60577 CVE-2025-3730 affecting package pytorch for versions less than 2.0.0-8

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctcloss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed ...

DEBIAN-CVE-2025-3730

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctcloss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed ...

CVE-2025-3730

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctcloss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed ...

CVE-2025-3730

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctcloss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed ...

AZL-60500 CVE-2025-3730 affecting package pytorch for versions less than 2.2.2-6

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctcloss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed ...

UBUNTU-CVE-2025-3730

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctcloss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed ...

CVE-2025-3730

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctcloss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed ...