CVE-2025-54951: ExecuTorch vulnerable to Heap-based Buffer Overflow

August 8, 2025 (updated August 12, 2025)

A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c.

References

github.com/advisories/GHSA-xc7w-r669-48pf
github.com/pytorch/executorch
github.com/pytorch/executorch/commit/cea9b23aa8ff78aff92829a466da97461cc7930c
nvd.nist.gov/vuln/detail/CVE-2025-54951
www.facebook.com/security/advisories/cve-2025-54951

Code Behaviors & Features

Detect and mitigate CVE-2025-54951 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →