CVE-2025-54949
📋 TL;DR
A heap buffer overflow vulnerability in ExecuTorch's model loading functionality allows attackers to execute arbitrary code or cause denial of service. This affects any system using ExecuTorch to load untrusted models prior to the patched commit. Users of PyTorch's ExecuTorch runtime for edge deployment are primarily impacted.
💻 Affected Systems
- PyTorch ExecuTorch
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the privileges of the ExecuTorch process, potentially leading to full system compromise.
Likely Case
Denial of service through application crashes or memory corruption, with potential for code execution in targeted attacks.
If Mitigated
Limited impact if models are from trusted sources and process runs with minimal privileges.
🎯 Exploit Status
Exploitation requires crafting malicious model files; no authentication needed to trigger if model loading is accessible.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit ede82493dae6d2d43f8c424e7be4721abe5242be and later
Vendor Advisory: https://www.facebook.com/security/advisories/cve-2025-54949
Restart Required: Yes
Instructions:
1. Update ExecuTorch to commit ede82493dae6d2d43f8c424e7be4721abe5242be or later. 2. Rebuild any applications using ExecuTorch. 3. Restart affected services.
🔧 Temporary Workarounds
Restrict model sources
allOnly load ExecuTorch models from trusted, verified sources.
Sandbox execution
allRun ExecuTorch processes with minimal privileges and in isolated environments.
🧯 If You Can't Patch
- Implement strict input validation for model files before loading.
- Deploy network segmentation to isolate ExecuTorch systems from critical assets.
🔍 How to Verify
Check if Vulnerable:
Check ExecuTorch commit hash; if earlier than ede82493dae6d2d43f8c424e7be4721abe5242be, you are vulnerable.Check Version:
Check the ExecuTorch build or source for commit hash; exact command depends on deployment.Verify Fix Applied:
Confirm ExecuTorch is at commit ede82493dae6d2d43f8c424e7be4721abe5242be or later and test loading known-safe models.📡 Detection & Monitoring
Log Indicators:
- Application crashes with memory access violations
- Unexpected process termination when loading models
Network Indicators:
- Unusual network connections after model loading
- Downloads of suspicious model files
SIEM Query:
Process:executorch AND (EventID:1000 OR ExceptionCode:c0000005)