Update PyTorch ASAP | Kaspersky official blog

Update PyTorch ASAP | Kaspersky official blog

/in

A researcher has discovered a vulnerability in PyTorch, an open-source machine learning framework. The vulnerability, registered as CVE-2025-32434, belongs to the Remote Code Execution (RCE) class and has a 9.3 CVSS rating, meaning it is categorized as critical. Exploitation of CVE-2025-32434 under certain conditions allows an attacker to run arbitrary code when malicious AI model is being loaded on the victim’s computer. Anyone using PyTorch is advised to update the framework to the latest version as soon as possible.

The CVE-2025-32434 vulnerability

The PyTorch framework, among other things, allows users to save trained models to a file that stores the weights. And, of course, load them from the file using the torch.load() function. Trained models are often shared via various public repositories and, theoretically, they may contain malicious implants. Therefore, the official documentation of the PyTorch project recommends using the torch.load() function with the weights_only=True parameter for security purposes (this way, only primitive data types are loaded: dictionaries, tensors, lists, and so on).

The vulnerability CVE-2025-32434 exists due to an incorrectly implemented deserialization mechanism when loading a model. The researcher who discovered it, demonstrated that an attacker can create a model file in such a way that the weights_only=True parameter will lead to the exact opposite effect —while loading of this malicious model will lead to arbitrary code execution that can compromise the environment in which the model is run.

How to stay safe?

The researcher did not publish a detailed method for exploiting this vulnerability, and at the moment there is no evidence that someone is using CVE-2025-32434 in real attacks. However, the very fact of releasing a patch always attracts both researchers and attackers to the problem, so proof-of-concept exploits are most likely already being developed.

The team responsible for developing the PyTorch framework released update 2.6.0, in which the vulnerability CVE-2025-32434 was successfully fixed. All previous versions, up to 2.5.1, remain vulnerable and should be updated as soon as possible. If this is not possible for some reason, then researchers recommend to refrain from using the torch.load() function with the weights_only=True parameter and temporarily switch to alternative methods of model loading.

In addition, we recommend paying special attention to protecting virtual and cloud environments – this is easiest to do using specialized solutions.

Kaspersky official blog – ​Read More