VYPR
Critical severity · NVD Advisory · Published Apr 18, 2025 · Updated Dec 1, 2025

PyTorch: `torch.load` with `weights_only=True` leads to remote code execution

CVE-2025-32434

Description

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using `torch.load` with `weights_only=True`. This issue has been patched in version 2.6.0.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| torch (PyPI) | < 2.6.0 | 2.6.0 |
