CVE-2025-30402 – executorch

Package

Manager: pip
Name: executorch
Vulnerable Version: >=0 <=0.6.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00058 pctl0.17969

Details

ExecuTorch vulnerable to Heap-based Buffer Overflow attack A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f

Metadata

Created: 2025-07-11T18:30:34Z
Modified: 2025-07-11T22:57:06Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-h952-963h-rv99/GHSA-h952-963h-rv99.json
CWE IDs: ["CWE-122"]
Alternative ID: GHSA-h952-963h-rv99
Finding: F184
Auto approve: 1