Heap Buffer Overflow Vulnerability in ExecuTorch by PyTorch
CVE-2025-54949

9.8CRITICAL

Key Information:

Vendor: Meta Platforms, Inc
Status: Executorch
Vendor: CVE Published:; 7 August 2025

🔔 Create Meta Platforms, Inc Vulnerability Alert

What is CVE-2025-54949?

A heap buffer overflow in ExecuTorch models can lead to significant security risks, including unauthorized code execution. This vulnerability affects users of ExecuTorch that have not applied the necessary updates, specifically those prior to the commit ede82493dae6d2d43f8c424e7be4721abe5242be. It is essential for organizations to monitor their versions and apply patches promptly to mitigate potential exploitation.

Affected Version(s)

ExecuTorch 0

References

https://www.facebook.com/security/advisories/cve-2025-54949

x_refsource_CONFIRM

https://github.com/pytorch/executorch/commit/ede82493dae6...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2025
Vulnerability Reserved
Aug 1, 2025