GHSA-GGPF-24JW-3FCW CVE-2025-24357 Malicious model remote code execution fix bypass with PyTorch < 2.6.0
Description https://github.com/vllm-project/vllm/security/advisories/GHSA-rh4j-5rhw-hr54 reported a vulnerability where loading a malicious model could result in code execution on the vllm host. The fix applied to specify weightsonly=True to calls to torch.load did not solve the problem prior to...