CVE-2025-54949
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-54949
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54949.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-54949
- Aliases
- Published
- 2025-08-07T23:15:26.500Z
- Modified
- 2025-11-20T12:39:31.904724Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be
- References
Affected packages
Git / github.com/pytorch/executorch
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pytorch/executorch
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
ciflow/binaries/all/sdym
ciflow/binaries/sdym
stable-2023-08-01
stable-2023-08-15
stable-2023-08-29
stable-2023-09-12
stable-2023-09-19
v0.*
v0.1.0-rc1
v0.2.0-rc1
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "kernels/prim_ops/et_copy_index.cpp"
},
"signature_version": "v1",
"source": "https://github.com/pytorch/executorch/commit/ede82493dae6d2d43f8c424e7be4721abe5242be",
"digest": {
"line_hashes": [
"121957020323574689823480903042459142624",
"125409210904276051776607744241352589641",
"248581585591437385727220559296329969777",
"267202912623442923288967475940123529305",
"304512569008727939823753154613325456522",
"6873608077481612929761107008845638520",
"79334496597976305191092111138872914180",
"292295362670652589352400647204328365926",
"195741744102147691126489124387700975679",
"205575496570499494708481404256398884770",
"35118489198705453247619660972459536691",
"112145048938924144115260822311632888689",
"128826397511722976224809354850155921767"
],
"threshold": 0.9
},
"id": "CVE-2025-54949-61d493e1"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "kernels/prim_ops/test/prim_ops_test.cpp",
"function": "TEST_F"
},
"signature_version": "v1",
"source": "https://github.com/pytorch/executorch/commit/ede82493dae6d2d43f8c424e7be4721abe5242be",
"digest": {
"length": 1377.0,
"function_hash": "11239499256523041173111659413912133085"
},
"id": "CVE-2025-54949-b0eefa0e"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "kernels/prim_ops/et_copy_index.cpp",
"function": "et_copy_index"
},
"signature_version": "v1",
"source": "https://github.com/pytorch/executorch/commit/ede82493dae6d2d43f8c424e7be4721abe5242be",
"digest": {
"length": 1244.0,
"function_hash": "326758178295538584534296223607143889913"
},
"id": "CVE-2025-54949-b509a731"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "kernels/prim_ops/test/prim_ops_test.cpp"
},
"signature_version": "v1",
"source": "https://github.com/pytorch/executorch/commit/ede82493dae6d2d43f8c424e7be4721abe5242be",
"digest": {
"line_hashes": [
"331899867184051566556417119445650164055",
"340066840568919290711097351350325941393",
"60625375708031533590759083702613162004",
"279921325556351828765117719379543979449"
],
"threshold": 0.9
},
"id": "CVE-2025-54949-f4e8e0bd"
}
]