Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN246

_____________________________________________________________________

DATE                : 22/04/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running  pytorch (pip) versions prior to
                                        2.6.0.

=====================================================================
https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6
_____________________________________________________________________

torch.load with weights_only=True RCE
Critical
malfet published GHSA-53q9-r3pm-6pq6 Apr 17, 2025

Package
pytorch (pip)

Affected versions
<=2.5.1

Patched versions
2.6.0


Description

Description

I found a Remote Command Execution (RCE) vulnerability in the PyTorch.
When load model using torch.load with weights_only=True, it can still
achieve RCE.


Background knowledge

https://github.com/pytorch/pytorch/security
As you can see, the PyTorch official documentation considers using
torch.load() with weights_only=True to be safe.
image
Since everyone knows that weights_only=False is unsafe, so they will
use the weights_only=True to mitigate the seucirty issue.

But now, I just proved that even if you use weights_only=True, it
still can achieve RCE.

So it is time to update your PyTorch version~.


Credit

This vulnerability was found by Ji'an Zhou.


Severity
Critical

CVE ID
CVE-2025-32434

Weaknesses
No CWEs


Credits

    @azraelxuemo azraelxuemo Reporter



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================