CVE-2025-32434

9.8 CRITICAL

📋 TL;DR

A critical Remote Command Execution (RCE) vulnerability exists in PyTorch's torch.load() when it is called with weights_only=True. An attacker who can supply a crafted model file can execute arbitrary code on any system that loads it with a vulnerable version. This affects every user who loads PyTorch model files from untrusted sources.

💻 Affected Systems

Products:
  • PyTorch
Versions: 2.5.1 and prior
Operating Systems: All platforms running Python
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is triggered when a model is loaded with torch.load(weights_only=True). The weights_only parameter was intended as a security control, but it could be bypassed.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise, allowing attackers to execute arbitrary commands, steal data, install malware, or pivot to other systems.

🟠 Likely Case: Data theft, cryptocurrency mining, or ransomware deployment through malicious PyTorch model files.

🟢 If Mitigated: Limited impact if only trusted model files are loaded and proper network segmentation is in place.

🌐 Internet-Facing: HIGH if PyTorch models are loaded from untrusted internet sources or user uploads.
🏢 Internal Only: MEDIUM if internal users can load arbitrary model files, LOW if model sources are strictly controlled.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires that the victim load a malicious model file; a public proof of concept is included in the vendor advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.6.0

Vendor Advisory: https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6

Restart Required: No

Instructions:

1. Upgrade PyTorch to version 2.6.0 or later using pip: pip install --upgrade torch==2.6.0
2. Verify installation with: python -c "import torch; print(torch.__version__)"
3. Test that torch.load with weights_only=True works with your models.

🔧 Temporary Workarounds

Avoid loading untrusted models (applies to: all)

Only load PyTorch model files from trusted sources. Implement strict validation of model files before loading.

Use pickle.load with restrictions (applies to: all)

If you must load untrusted files, use pickle.load with a restricted unpickler (though this is complex and error-prone).

🧯 If You Can't Patch

  • Implement strict file validation: only allow loading of model files from trusted, verified sources.
  • Isolate PyTorch processes in containers or sandboxes with minimal privileges and network access.
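A loader that enforces the two controls this page prescribes before calling torch.load(weights_only=True): the version gate from the verification section and trusted-source validation of the model file. This is an added example, not code from the advisory or from PyTorch; the SHA-256 allow-list, safe_load, the pre-release handling and the sample bytes are assumptions of the example.

```python
# Added example for CVE-2025-32434; not code from PyTorch or the advisory.
# Assumes the caller maintains an allow-list of SHA-256 digests of model
# files it trusts (building and protecting that list is out of scope).
import hashlib
import hmac
import re

FIXED_VERSION = (2, 6, 0)  # first release carrying the fix, per the advisory

def parse_version(version: str):
    """Split torch.__version__ into ((major, minor, patch), is_prerelease).

    Build suffixes such as '+cu124' are ignored; a pre-release marker right
    after the triple ('2.6.0a0', '2.6.0rc1', '2.6.0.dev...') is flagged.
    """
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)(a\d|b\d|rc\d|\.dev)?", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch)), pre is not None

def is_vulnerable_version(version: str) -> bool:
    """True for 2.5.1 and prior (the affected range) and, conservatively,
    for pre-release builds of 2.6.0 that may predate the fix (assumption)."""
    triple, prerelease = parse_version(version)
    return triple < FIXED_VERSION or (triple == FIXED_VERSION and prerelease)

def verify_digest_bytes(data: bytes, expected_sha256: str) -> bool:
    """Constant-time comparison of the contents' SHA-256 with the allow-list entry."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha256.lower())

def safe_load(path: str, expected_sha256: str):
    """Refuse torch.load on an affected build or on a file outside the allow-list."""
    import torch  # lazy import: the checks above run without torch installed

    if is_vulnerable_version(torch.__version__):
        raise RuntimeError(f"torch {torch.__version__} is affected by CVE-2025-32434")
    with open(path, "rb") as f:
        data = f.read()
    if not verify_digest_bytes(data, expected_sha256):
        raise RuntimeError(f"{path} does not match its trusted digest; refusing to load")
    return torch.load(path, weights_only=True)

# Constructed sample standing in for a model file, so the digest check runs offline.
SAMPLE_BYTES = b"constructed sample, not a real PyTorch checkpoint"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_BYTES).hexdigest()
```

The digest check only proves the file is one you previously vetted; it does not make a vulnerable torch.load safe, which is why the version gate runs first.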

🔍 How to Verify

Check if Vulnerable:

Check the installed PyTorch version with python -c "import torch; print(torch.__version__)". If the version is 2.5.1 or earlier, you are vulnerable.

Check Version:

python -c "import torch; print(torch.__version__)"

Verify Fix Applied:

After upgrading, confirm that the reported version is 2.6.0 or later: python -c "import torch; print(torch.__version__)"

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process execution from Python/PyTorch processes
  • Loading of model files from unusual locations or network sources

Network Indicators:

  • Unexpected outbound connections from PyTorch processes
  • Downloads of PyTorch model files from untrusted sources

SIEM Query:

Process execution where parent process contains 'python' AND (command_line contains 'torch.load' OR image_path contains 'python')

This pattern is broad: the image_path clause matches any child of a Python process, so scope it to the hosts and service accounts that run PyTorch workloads and tune it against a baseline of normal child processes before alerting on it.
