CVE-2025-30402

HIGH8.1EPSS 0.43%

ExecuTorch vulnerable to Heap-based Buffer Overflow attack

Published: 7/11/2025Modified: 5/7/2026

Description

A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f

Affected packages (2)

Maven/org.pytorch:executorch-androidfrom 0, < 0.7.0-rc1
PyPI/executorchfrom 0, < 0.7.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-30402
PATCHhttps://github.com/pytorch/executorch
WEBhttps://github.com/pytorch/executorch/commit/93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f
WEBhttps://www.facebook.com/security/advisories/cve-2025-30402