SentinelOne

CVE-2025-32434: PyTorch torch.load RCE Vulnerability

CVE-2025-32434 is a remote code execution vulnerability in PyTorch's torch.load function that affects versions 2.5.1 and earlier. This article covers the technical details, affected versions, security impact, and mitigation strategies.


CVE-2025-32434 Overview

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.

Critical Impact

This vulnerability allows remote attackers to execute arbitrary commands, potentially compromising the entire system.

Affected Products

  • linuxfoundation:pytorch

Discovery Timeline

  • 2025-04-18T16:15:23.183 - CVE-2025-32434 published to NVD
  • 2025-05-28T13:14:20.750 - Last updated in NVD database

Technical Details for CVE-2025-32434

Vulnerability Analysis

The vulnerability arises from improper input handling during deserialization in torch.load. Even with weights_only=True set, an attacker can craft a malicious model file that abuses the deserialization process to execute arbitrary commands on the host.

Root Cause

Improper input validation and lack of sandboxing during the model deserialization phase.

Attack Vector

Network: The vulnerability is exploitable remotely via specially crafted model files delivered over network interfaces.

```python
# Example exploitation code (sanitized)
import torch

# Malicious payload model
malicious_model = 'malicious.pth'  # A placeholder path

# Exploit using torch.load
with open(malicious_model, 'rb') as f:
    model = torch.load(f, weights_only=True)
```

Detection Methods for CVE-2025-32434

Indicators of Compromise

  • Unexpected model files downloaded or executed
  • System processes executing unusual shell commands
  • Network traffic to unknown hosts after model loading

Detection Strategies

Monitor for unusual file operations and network connections following torch.load usage. Use endpoint detection solutions to identify signs of deserialization attacks.

Monitoring Recommendations

Implement network and file activity monitoring, focusing on processes within environments using PyTorch for model operations.

How to Mitigate CVE-2025-32434

Immediate Actions Required

  • Update to PyTorch version 2.6.0 or later
  • Validate and sanitize model files from untrusted sources
  • Consider using sandboxing or isolation techniques

Patch Information

The vulnerability has been patched in PyTorch version 2.6.0. Users should update to this version to mitigate the issue.

Workarounds

Avoid using torch.load with weights_only=True unless model file integrity is assured.

```bash
# Install the patched release
pip install torch==2.6.0
```
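One way to enforce the two mitigations above in code (run 2.6.0 or later, and load only files whose integrity is assured), as an added example that is not SentinelOne's or PyTorch's own code. The function names and the pinned-digest workflow are assumptions of this example, and treating pre-release or dev builds as unpatched is a conservative choice made here, not a statement from the advisory.

```python
import hashlib
import hmac
import io
import re

PATCHED = (2, 6, 0)  # first fixed release, per the patch information above


def is_patched(version: str) -> bool:
    """True only for a final torch release >= 2.6.0.

    Local build tags ("2.6.0+cu124") are ignored. Pre-release and dev builds
    ("2.6.0a0+git...", "2.6.0.dev2024...") fail closed: an assumption of this
    example, since such a build may predate the fix.
    """
    public = version.split("+", 1)[0]
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", public)
    if m is None:  # pre-release, dev build, or unparseable string
        return False
    # Compare as integers so that 2.10.0 sorts after 2.6.0.
    return tuple(int(g or 0) for g in m.groups()) >= PATCHED


def digest_matches(data: bytes, expected_hex: str) -> bool:
    """Compare the SHA-256 of the bytes with a digest pinned out of band."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def guarded_load(path: str, expected_sha256: str):
    """Load a checkpoint only on a patched torch and only if the digest matches."""
    import torch  # lazy import: the checks above work without torch installed

    if not is_patched(torch.__version__):
        raise RuntimeError(f"torch {torch.__version__} predates 2.6.0; not loading {path}")
    # Read once, then hash and load the same bytes, so the file cannot be
    # swapped between the integrity check and the load.
    with open(path, "rb") as f:
        data = f.read()
    if not digest_matches(data, expected_sha256):
        raise ValueError(f"{path}: SHA-256 does not match the pinned digest")
    return torch.load(io.BytesIO(data), weights_only=True)
```

The pinned digest has to come from a channel the model's distributor controls separately from the file itself, otherwise whoever replaces the file can replace the digest too.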

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
