CVE-2025-30404 – executorch

Package

Manager: pip
Name: executorch
Vulnerable Version: >=0 <0.7.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.001 pctl0.28285

Details

ExecuTorch integer overflow vulnerability An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006.

Metadata

Created: 2025-08-08T00:30:26Z
Modified: 2025-08-12T18:48:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-hj95-mhgf-jxc4/GHSA-hj95-mhgf-jxc4.json
CWE IDs: ["CWE-190"]
Alternative ID: GHSA-hj95-mhgf-jxc4
Finding: F111
Auto approve: 1