CVE-2025-54951

CRITICAL9.8EPSS 0.83%

ExecuTorch vulnerable to Heap-based Buffer Overflow

發布日:2025/8/8修改日:2026/5/7

描述

A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c.

受影響套件(2)

Maven/org.pytorch:executorch-androidfrom 0, < 0.7.0
PyPI/executorchfrom 0, < 0.7.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-54951
PATCHhttps://github.com/pytorch/executorch
WEBhttps://github.com/pytorch/executorch/commit/cea9b23aa8ff78aff92829a466da97461cc7930c
WEBhttps://www.facebook.com/security/advisories/cve-2025-54951