CVE-2025-54949: ExecuTorch heap buffer overflow vulnerability

August 8, 2025 (updated August 12, 2025)

A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be

References

github.com/advisories/GHSA-9m39-3mf3-xwch
github.com/pytorch/executorch
github.com/pytorch/executorch/commit/ede82493dae6d2d43f8c424e7be4721abe5242be
nvd.nist.gov/vuln/detail/CVE-2025-54949
www.facebook.com/security/advisories/cve-2025-54949

Code Behaviors & Features

Detect and mitigate CVE-2025-54949 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →