CVE-2025-54952
- Source
- https://cve.org/CVERecord?id=CVE-2025-54952
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54952.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-54952
- Aliases
- Published
- 2025-08-08T00:15:26.790Z
- Modified
- 2026-03-14T12:44:08.923430Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b.
- References
Affected packages
Git / github.com/pytorch/executorch
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pytorch/executorch
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
ciflow/binaries/all/sdym
ciflow/binaries/sdym
stable-2023-08-01
stable-2023-08-15
stable-2023-08-29
stable-2023-09-12
stable-2023-09-19
v0.*
v0.1.0-rc1
v0.2.0-rc1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54952.json"
vanir_signatures
[
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"32230930426288135781751580657657381743",
"27816795093322237428348240608559980770",
"166200815449907023341764011611882552768",
"31150020504940064754111791546867125044",
"177987325295771229544198077922036655720",
"331750139255521733435766596191056857196",
"121091089390543637236130583055923662272"
],
"threshold": 0.9
},
"source": "https://github.com/pytorch/executorch/commit/8f062d3f661e20bb19b24b767b9a9a46e8359f2b",
"id": "CVE-2025-54952-029ca469",
"target": {
"file": "runtime/core/memory_allocator.h"
}
}
]