CVE-2025-32434

CRITICAL

PyTorch < 2.6.0 - Remote Code Execution via torch.load with weights_only=True

Exploitation Summary

EIP tracks 4 public exploits for CVE-2025-32434. PoCs published by adminlove520, Soildworks, B1tBit.

AI-analyzed exploit summary: The repository contains functional exploit code for multiple CVEs, including authentication bypass vulnerabilities in TOTOLINK devices and a scanner for Fortinet SSL VPN (CVE-2024-21762). The PoCs demonstrate the vulnerabilities with clear technical details and functional code.

Description

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.

Exploits (4)

github WORKING POC 2 stars
by adminlove520 · python · poc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-32434

The repository contains functional exploit code for multiple CVEs, including authentication bypass vulnerabilities in TOTOLINK devices and a scanner for Fortinet SSL VPN (CVE-2024-21762). The PoCs demonstrate the vulnerabilities with clear technical details and functional code.

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: TOTOLINK LR350, TOTOLINK T6, Fortinet SSL VPN
No auth needed
Prerequisites: network access to the target device
devstral-2 · analyzed Feb 27, 2026

nomisec WRITEUP
by Soildworks · poc
https://github.com/Soildworks/Agentic-CLIP-Benchmark

This repository provides a detailed technical writeup and implementation of a zero-shot evaluation pipeline for OpenAI's CLIP model on CIFAR-10, including solutions to security and engineering challenges such as CVE-2025-32434 (PyTorch security protocols blocking insecure .bin files).

Classification: Writeup 95%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: PyTorch 2.6+
No auth needed
Prerequisites: PyTorch 2.6+ · transformers library · CIFAR-10 dataset
devstral-2 · analyzed Mar 08, 2026

nomisec WORKING POC
by B1tBit · poc
https://github.com/B1tBit/CVE-2025-32434-exploit

This is a working PoC for CVE-2025-32434, demonstrating RCE in PyTorch versions < 2.6.0 via malicious pickle deserialization in torch.load() with weights_only=True. The exploit crafts a malicious model file that bypasses the protection mechanism.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: PyTorch < 2.6.0
No auth needed
Prerequisites: PyTorch < 2.6.0 installed · Ability to deliver malicious model file to target
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by cyhe50 · poc
https://github.com/cyhe50/cve-2025-32434-poc

This repository contains a working proof-of-concept exploit for CVE-2025-32434, demonstrating arbitrary file write via PyTorch's JIT script serialization. The exploit leverages `torch.from_file` with `shared=True` to write a reverse shell cron job to `/etc/cron.d/rev`.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: PyTorch 2.5.0
No auth needed
Prerequisites: Ability to load a malicious PyTorch model file · Write permissions to the target file path
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.0043
EPSS Percentile 63.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE CWE-502
Status published
Products (2)
linuxfoundation/pytorch < 2.6.0
pypi/torch 0 - 2.6.0 (PyPI)
Published Apr 18, 2025
Tracked Since Feb 18, 2026