CVE-2025-30402

HIGH8.1EPSS 0.43%

ExecuTorch vulnerable to Heap-based Buffer Overflow attack

發布日:2025/7/11修改日:2026/5/7

描述

A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f

受影響套件(2)

Maven/org.pytorch:executorch-androidfrom 0, < 0.7.0-rc1
PyPI/executorchfrom 0, < 0.7.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-30402
PATCHhttps://github.com/pytorch/executorch
WEBhttps://github.com/pytorch/executorch/commit/93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f
WEBhttps://www.facebook.com/security/advisories/cve-2025-30402