Fluid Attacks Database

Description

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	pytorch	>=0 <2.6.0+dfsg-1	2.6.0+dfsg-1
debian 11	pytorch	=1.7.1-7 \|\| >=0 <1.7.1-7+deb11u1	1.7.1-7+deb11u1
debian 12	pytorch	=1.13.1+dfsg-4 \|\| =1.13.1+dfsg-5 \|\| =2.0.1+dfsg-1 \|\| =2.0.1+dfsg-1~exp1 \|\| =2.0.1+dfsg-2 \|\| =2.0.1+dfsg-4 \|\| =2.0.1+dfsg-5 \|\| =2.1.2+dfsg-1 \|\| =2.1.2+dfsg-2 \|\| =2.1.2+dfsg-4 \|\| =2.12.0+dfsg2-1 \|\| =2.12.0+dfsg2-1~exp1 \|\| =2.12.0+dfsg2-1~exp2 \|\| =2.12.0+dfsg2-2 \|\| =2.12.0+dfsg2-3 \|\| =2.12.0+dfsg2-4 \|\| =2.4.1-1 \|\| =2.4.1-3 \|\| =2.4.1-4 \|\| =2.5.0+dfsg-1 \|\| =2.5.1+dfsg-1 \|\| =2.5.1+dfsg-3 \|\| =2.5.1+dfsg-4 \|\| =2.6.0+dfsg-1 \|\| =2.6.0+dfsg-1~exp1 \|\| =2.6.0+dfsg-2 \|\| =2.6.0+dfsg-3 \|\| =2.6.0+dfsg-4 \|\| =2.6.0+dfsg-5 \|\| =2.6.0+dfsg-7 \|\| =2.6.0+dfsg-8 \|\| =2.6.0+dfsg-9 \|\| =2.6.0~rc9+dfsg-1~exp1 \|\| =2.9.0+dfsg-1~exp1 \|\| =2.9.0+dfsg-1~exp2 \|\| =2.9.1+dfsg-1~exp1 \|\| =2.9.1+dfsg-1~exp2	-
debian 14	pytorch	>=0 <2.6.0+dfsg-1	2.6.0+dfsg-1
pypi	torch	>=0 <2.6.0	2.6.0
pypi	pytorch	>=0 <=2.5.1	-

Aliases

1. CVE-2025-324342. NVD-2025-324343. OSV-DEBIAN-2025-324344. OSV-2025-324345. GHSA-53q9-r3pm-6pq66. GCVE-2025-324347. SECURITY-TRACKER-CVE-2025-324348. GHSA-53q9-r3pm-6pq6

References

1. https://github.com/cyhe50/cve-2025-32434-poc2. https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq63. https://github.com/pytorch/pytorch/commit/8d4b8a920a2172523deb95bf20e8e52d50649c044. https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2025-41.yaml5. https://github.com/pytorch/pytorch

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.