CVE-2025-30404: ExecuTorch integer overflow vulnerability

August 8, 2025 (updated August 12, 2025)

An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006.

References

github.com/advisories/GHSA-hj95-mhgf-jxc4
github.com/pytorch/executorch
github.com/pytorch/executorch/commit/d158236b1dc84539c1b16843bc74054c9dcba006
nvd.nist.gov/vuln/detail/CVE-2025-30404
www.facebook.com/security/advisories/cve-2025-30404

Code Behaviors & Features

Detect and mitigate CVE-2025-30404 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →