CVE-2025-32434

The repository contains functional exploit code for multiple CVEs, including authentication bypass vulnerabilities in TOTOLINK devices and a scanner for Fortinet SSL VPN (CVE-2024-21762). The PoCs demonstrate the vulnerabilities with clear technical details and functional code.

This repository provides a detailed technical writeup and implementation of a zero-shot evaluation pipeline for OpenAI's CLIP model on CIFAR-10, including solutions to security and engineering challenges such as CVE-2025-32434 (PyTorch security protocols blocking insecure .bin files).

This is a working PoC for CVE-2025-32434, demonstrating RCE in PyTorch versions < 2.6.0 via malicious pickle deserialization in torch.load() with weights_only=True. The exploit crafts a malicious model file that bypasses the protection mechanism.

This repository contains a working proof-of-concept exploit for CVE-2025-32434, demonstrating arbitrary file write via PyTorch's JIT script serialization. The exploit leverages `torch.from_file` with `shared=True` to write a reverse shell cron job to `/etc/cron.d/rev`.