Out-of-Bounds Access in ExecuTorch Models Affects Pytorch
CVE-2025-54950

9.8CRITICAL

Key Information:

Vendor: Meta Platforms, Inc
Status: Executorch
Vendor: CVE Published:; 7 August 2025

🔔 Create Meta Platforms, Inc Vulnerability Alert

What is CVE-2025-54950?

An out-of-bounds access vulnerability within ExecuTorch can cause severe runtime crashes, potentially leading to code execution or other unwanted behaviors. This flaw affects all versions of ExecuTorch prior to commit fb03b6f85596a8f954d97929075335255b6a58d4, thus posing significant security risks to users relying on this tool for model processing.

Affected Version(s)

ExecuTorch 0

References

https://www.facebook.com/security/advisories/cve-2025-54950

x_refsource_CONFIRM

https://github.com/pytorch/executorch/commit/b6b7a16df5e7...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2025