Vulnerability Details CVE-2025-32434
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.3%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-32434
-
cpe:2.3:a:linuxfoundation:pytorch:-
-
cpe:2.3:a:linuxfoundation:pytorch:2.2.0
-
cpe:2.3:a:linuxfoundation:pytorch:2.2.1
-
cpe:2.3:a:linuxfoundation:pytorch:2.2.2
-
cpe:2.3:a:linuxfoundation:pytorch:2.3.0
-
cpe:2.3:a:linuxfoundation:pytorch:2.3.1
-
cpe:2.3:a:linuxfoundation:pytorch:2.4.0
-
cpe:2.3:a:linuxfoundation:pytorch:2.4.1
-
cpe:2.3:a:linuxfoundation:pytorch:2.5.0
-
cpe:2.3:a:linuxfoundation:pytorch:2.5.1