CVE-2025-30402: ExecuTorch vulnerable to Heap-based Buffer Overflow attack

July 11, 2025 (updated October 6, 2025)

A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f

References

github.com/advisories/GHSA-h952-963h-rv99
github.com/pytorch/executorch
github.com/pytorch/executorch/commit/93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f
nvd.nist.gov/vuln/detail/CVE-2025-30402
www.facebook.com/security/advisories/cve-2025-30402

Code Behaviors & Features

Detect and mitigate CVE-2025-30402 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →