Community Notice: :pytorch: Critical CVE

BurhanQ · April 29, 2025, 1:47pm

CVE-2025-32434 in PyTorch

A critical vulnerability (CVSS 9.3) has been identified in PyTorch versions < 2.6.0. Exploiting this issue via torch.load with weights_only=True could allow remote code execution (RCE) due to deserialization of untrusted data.

Affected Versions: PyTorch < 2.6.0

Fix: Upgrade to PyTorch 2.6.0 or later.

Reference: PyTorch GitHub Advisory

Recommended Actions:

Update to the most recent version of PyTorch compatible with your system if possible.
If you’re unable to update, you should evaluate the risk for your situation.
Always ensure that you’re downloading and loading weights from an official and trusted source.

Topic		Replies	Views
[PyTorch] :pytorch: New version incoming! News news , pytorch	1	139	July 25, 2024
[PSA] Issues observed with PyTorch 2.4.0 + Ultralytics Support cpu , yolo , support , troubleshooting , pytorch	1	280	July 26, 2024
New Release: Ultralytics v8.3.64 Discussion releases , announcements	0	17	January 20, 2025
New Release: Ultralytics v8.3.49 Discussion releases , announcements	0	128	December 11, 2024
New Release: Ultralytics v8.2.87 Discussion releases , announcements	0	134	September 3, 2024