CVE-2025-54952
📋 TL;DR
An integer overflow vulnerability in ExecuTorch model loading causes insufficient memory allocation, potentially leading to heap corruption and arbitrary code execution. This affects all systems using ExecuTorch before commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b. Attackers can exploit this by providing malicious models.
💻 Affected Systems
- ExecuTorch
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the privileges of the ExecuTorch process, potentially leading to full system compromise.
Likely Case
Application crash (denial of service) or limited code execution within the process context.
If Mitigated
No impact if patched or if untrusted models are not loaded.
🎯 Exploit Status
Exploitation requires crafting a malicious model file; no public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b or later
Vendor Advisory: https://www.facebook.com/security/advisories/cve-2025-54952
Restart Required: Yes
Instructions:
1. Update ExecuTorch to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b or later.
2. Rebuild any applications using ExecuTorch.
3. Restart affected services.
🔧 Temporary Workarounds
Restrict model sources
Only load ExecuTorch models from trusted, verified sources to prevent malicious input.
Disable model loading
If ExecuTorch model loading is not required, disable this functionality in the application.
🧯 If You Can't Patch
- Implement strict input validation and sanitization for model files.
- Run ExecuTorch in a sandboxed or containerized environment with minimal privileges.
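The bug class named in the TL;DR (a wrapped size computation leading to an undersized allocation) and the model-file validation suggested above, as an added C example that is not ExecuTorch's code and uses a hypothetical tensor header: the unchecked 32-bit product wraps, the hardened version detects the wrap and applies a size limit (assumes GCC or Clang for `__builtin_mul_overflow`).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical header fields a model file might declare for one tensor;
   both values are attacker-controlled when the file is untrusted. */

/* Unchecked computation: evaluated in 32 bits, so a large num_elems times
   elem_size wraps and the loader allocates far less than it later copies. */
uint32_t naive_tensor_bytes(uint32_t num_elems, uint32_t elem_size) {
    return num_elems * elem_size;
}

/* Hardened computation: detect wrap-around with the compiler builtin, reject
   zero-sized payloads and enforce an upper bound. Returns 0 on rejection. */
size_t safe_tensor_bytes(uint32_t num_elems, uint32_t elem_size, size_t limit) {
    size_t bytes;
    if (__builtin_mul_overflow((size_t)num_elems, (size_t)elem_size, &bytes))
        return 0;
    if (bytes == 0 || bytes > limit)
        return 0;
    return bytes;
}

/* Loader step: allocate only when the declared size is provably consistent. */
void *alloc_tensor_buffer(uint32_t num_elems, uint32_t elem_size, size_t limit) {
    size_t bytes = safe_tensor_bytes(num_elems, elem_size, limit);
    if (bytes == 0)
        return NULL;
    return calloc(1, bytes);
}

int main(void) {
    /* Constructed inputs: a sane tensor and one whose product is 2^32. */
    uint32_t sane_n = 1000, bad_n = 0x40000000u, esize = 4;
    printf("naive: sane=%u bad=%u\n",
           naive_tensor_bytes(sane_n, esize), naive_tensor_bytes(bad_n, esize));
    void *p = alloc_tensor_buffer(bad_n, esize, (size_t)1 << 30);
    printf("checked: bad -> %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```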
🔍 How to Verify
Check if Vulnerable:
Check the ExecuTorch version or commit hash; if the build predates commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b, it is vulnerable.
Check Version:
Check the commit hash in your ExecuTorch installation directory or build logs.
Verify Fix Applied:
Confirm the ExecuTorch version is at commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b or later.
📡 Detection & Monitoring
Log Indicators:
- Unexpected crashes or memory errors in ExecuTorch processes
- Log entries indicating failed model loading
Network Indicators:
- Unusual network traffic to/from systems loading ExecuTorch models
SIEM Query:
Search for process crashes or errors related to ExecuTorch or model loading in application logs.