CVE-2025-32434 in PyTorch
Summary
by MITRE • 04/18/2025
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In versions 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.
Analysis
by VulDB Data Team • 12/01/2025
The vulnerability identified as CVE-2025-32434 represents a critical remote command execution flaw within the PyTorch machine learning framework that affects versions 2.5.1 and earlier. This security weakness specifically manifests when the torch.load function is utilized with the weights_only=True parameter, creating a pathway for malicious actors to execute arbitrary commands on systems running vulnerable PyTorch versions. The issue stems from insufficient input validation and sanitization during the model loading process, particularly when handling serialized data that may contain malicious payloads designed to exploit the underlying Python deserialization mechanism.
The technical exploitation of this vulnerability occurs through the manipulation of model files that are loaded using torch.load with weights_only=True. When PyTorch processes these serialized objects, it fails to properly validate the contents of the loaded data, allowing attackers to craft malicious model files that contain executable code. The weights_only parameter, which is intended to restrict loading to only weight data and prevent execution of arbitrary code, is bypassed due to incomplete validation checks. This flaw enables attackers to execute commands with the privileges of the user running the PyTorch application, potentially leading to complete system compromise. The vulnerability is categorized under CWE-502 as Deserialization of Untrusted Data, which is a well-known weakness that frequently leads to remote code execution in Python applications.
The operational impact of this vulnerability extends across numerous domains where PyTorch is deployed, including cloud computing environments, data science platforms, and machine learning infrastructure. Organizations using PyTorch for model deployment, training, or inference may face significant security risks when loading models from untrusted sources, particularly in multi-tenant environments or when processing user-uploaded models. The vulnerability affects both local and remote model loading scenarios, making it particularly dangerous in web applications that allow users to upload and process PyTorch models. Attackers could leverage this weakness to gain unauthorized access to systems, exfiltrate sensitive data, or establish persistent backdoors within machine learning workflows. The impact is further amplified by the widespread adoption of PyTorch in enterprise environments, where the compromise of a single model loading operation could affect multiple systems and applications.
Mitigation strategies for CVE-2025-32434 primarily focus on immediate version upgrades to PyTorch 2.6.0 or later, which includes patches addressing the deserialization vulnerability. Organizations should implement comprehensive model validation procedures before loading any external models, including digital signature verification and content integrity checks. The security community recommends establishing strict access controls for model loading operations and implementing network segmentation to limit potential attack vectors. Additionally, organizations should consider deploying automated scanning tools to detect and prevent the execution of potentially malicious model files. From an ATT&CK framework perspective, this vulnerability maps to T1059.001 Command and Scripting Interpreter and T1203 Exploitation for Client Execution, highlighting the need for defensive measures that focus on preventing unauthorized code execution and monitoring for suspicious model loading activities. Regular security assessments and vulnerability scanning should be implemented to identify and remediate similar issues in other Python-based machine learning frameworks and libraries.
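The two controls the paragraph above recommends, an upgrade gate to 2.6.0 and a content integrity check before deserialization, as a defender-side loader. This is an added example, not code from VulDB or the PyTorch project; the SHA-256 value a deployer compares against is assumed to come from a manifest recorded when the model was published, and `safe_load` imports torch lazily so the version and digest helpers can be exercised without it.

```python
import hashlib
import hmac
import re

# First PyTorch release carrying the fix for CVE-2025-32434 (from the advisory).
PATCHED_VERSION = (2, 6, 0)


def parse_version(version: str) -> tuple:
    """Turn a torch.__version__ string such as '2.5.1+cu121' into a comparable tuple."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version: str) -> bool:
    """True when the running PyTorch is 2.6.0 or later, i.e. outside the affected range."""
    return parse_version(version) >= PATCHED_VERSION


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_integrity_bytes(data: bytes, expected_sha256: str) -> bool:
    """Constant-time comparison of the file digest with the manifest value (assumed input)."""
    return hmac.compare_digest(sha256_bytes(data), expected_sha256.lower())


def verify_integrity(path: str, expected_sha256: str) -> bool:
    with open(path, "rb") as f:
        return verify_integrity_bytes(f.read(), expected_sha256)


def safe_load(path: str, expected_sha256: str):
    """Refuse to deserialize unless both the framework version and the file digest pass."""
    import torch  # imported here so the checks above run without PyTorch installed

    if not is_patched(torch.__version__):
        raise RuntimeError(
            f"PyTorch {torch.__version__} is affected by CVE-2025-32434; upgrade to 2.6.0 or later"
        )
    if not verify_integrity(path, expected_sha256):
        raise RuntimeError(f"digest mismatch for {path}; refusing to load")
    # Only reached on a patched build with a file that matches the published digest.
    return torch.load(path, weights_only=True, map_location="cpu")
```
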