CVE-2025-54952: ExecuTorch integer overflow vulnerability leads to code execution

August 8, 2025

An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b.

References

github.com/advisories/GHSA-33r8-vrx9-rmcv
github.com/pytorch/executorch
github.com/pytorch/executorch/commit/8f062d3f661e20bb19b24b767b9a9a46e8359f2b
nvd.nist.gov/vuln/detail/CVE-2025-54952
www.facebook.com/security/advisories/cve-2025-54952

Code Behaviors & Features

Detect and mitigate CVE-2025-54952 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →