Summary: A critical security vulnerability (CVE-2025-32434) has been discovered in PyTorch, allowing remote code execution even with protective settings enabled. The flaw affects all versions up to 2.5.1 and has been addressed in the latest release, 2.6.0. Users are urged to upgrade immediately and audit existing AI models for potential vulnerabilities.
Affected: PyTorch framework (all versions up to 2.5.1)
Keypoints :
- A vulnerability in the torch.load() function allows attackers to execute arbitrary code.
- The previously relied-upon weights_only=True setting is insufficient for protection.
- Users should upgrade to PyTorch 2.6.0 and audit AI models for safety.
Source: https://thecyberexpress.com/pytorch-vulnerability-cve-2025-32434/