GHSA-9m39-3mf3-xwch

Source
https://github.com/advisories/GHSA-9m39-3mf3-xwch
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-9m39-3mf3-xwch/GHSA-9m39-3mf3-xwch.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9m39-3mf3-xwch
Aliases
Published
2025-08-08T00:30:26Z
Modified
2025-10-06T15:27:49.632269Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
ExecuTorch heap buffer overflow vulnerability
Details

A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be.

Database specific
{
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-122"
    ],
    "nvd_published_at": "2025-08-07T23:15:26Z",
    "github_reviewed_at": "2025-08-12T18:49:44Z"
}
References

Affected packages

PyPI / executorch

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.7.0

Affected versions

0.*

0.1.0
0.1.2
0.2.0
0.2.1
0.3.0
0.4.0
0.5.0
0.6.0

Maven / org.pytorch:executorch-android

Package

Name
org.pytorch:executorch-android
Purl
pkg:maven/org.pytorch/executorch-android

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.7.0

Affected versions

0.*

0.5.0
0.5.1
0.6.0-rc1
0.6.0-rc3
0.6.0-rc4
0.6.0-rc6
0.6.0
0.7.0-rc1
0.7.0-rc2
0.7.0-rc5

SwiftURL / executorch

Package

Name
executorch
Purl
pkg:swift/executorch

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.7.0