Integer Overflow Vulnerability in ExecuTorch Affects Model Loading
CVE-2025-30405

9.8CRITICAL

Key Information:

Vendor: Meta Platforms, Inc
Status: Executorch
Vendor: CVE Published:; 7 August 2025

🔔 Create Meta Platforms, Inc Vulnerability Alert

What is CVE-2025-30405?

An integer overflow vulnerability exists in the loading process of ExecuTorch models, potentially allowing objects to be placed outside of their designated memory boundaries. This weakness can lead to unforeseen code execution and other adverse effects. Users are advised to update to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

ExecuTorch 0

References

https://www.facebook.com/security/advisories/cve-2025-30405

x_refsource_CONFIRM

https://github.com/pytorch/executorch/commit/0830af820724...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 7, 2025
Vulnerability Reserved
Mar 21, 2025

JSON