CVE-2025-54951

CRITICAL

PyPI ExecuTorch < 0.7.0 - Heap Buffer Overflow

Description

A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c.

Scores

CVSS v3 9.8
EPSS 0.0024
EPSS Percentile 47.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-122
Status published
Products (4)
Meta Platforms, Inc/ExecuTorch < https://github.com/pytorch/executorch/commit/cea9b23aa8ff78aff92829a466da97461cc7930c
org.pytorch/executorch-android 0 - 0.7.0 (Maven)
pypi/executorch 0 - 0.7.0 (PyPI)
SwiftURL/executorch 0 - 0.7.0 (SwiftURL)
Published Aug 07, 2025
Tracked Since Feb 18, 2026