CVE-2025-54950 – executorch
Package
Manager: pip
Name: executorch
Vulnerable Version: >=0 <0.7.0
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00129 (percentile: 0.33159)
Details
ExecuTorch out-of-bounds access vulnerability
An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit fb03b6f85596a8f954d97929075335255b6a58d4.
Metadata
Created: 2025-08-08T00:30:26Z
Modified: 2025-08-12T19:02:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-f9hx-c6jf-3qxm/GHSA-f9hx-c6jf-3qxm.json
CWE IDs: ["CWE-125"]
Alternative ID: GHSA-f9hx-c6jf-3qxm
Finding: F111
Auto approve: 1