CVE-2025-32434 · CRITICAL 9.8 · EPSS p76.7%

Description

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.88% probability of exploitation · percentile 76.7% · 2026-06-18T12:00:27Z
Published: 2025-04-18
Last modified: 2025-12-01

Underlying weaknesses · 1

CWE-502

References

  1. https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6
  2. https://lists.debian.org/debian-lts-announce/2025/12/msg00000.html

Type | Target | Confidence | Tier
Weakness | Deserialization of Untrusted Data cwe-502 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-24747
CVE: CVE-2025-33244
CVE: CVE-2026-31214
CVE: CVE-2025-1945
CVE: CVE-2025-67729
CVE: CVE-2025-49655

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.