Critical remote code execution flaw reported in PyTorch Framework
Take action: If you are using PyTorch, especially to load third-party or otherwise potentially unsafe models, update PyTorch to the latest version. Alternatively, find other ways to load models, because the weights_only=True parameter of torch.load() can no longer be relied on as a safeguard on affected versions.
Learn More
A critical security vulnerability has been discovered in the PyTorch machine learning framework that allows for Remote Code Execution (RCE) when loading models.
The vulnerability is tracked as CVE-2025-32434 (CVSS score 9.3) and allows attackers to bypass the weights_only=True parameter in the torch.load() function. This parameter was intended to restrict loading to only primitive data types such as dictionaries, tensors, and lists, thereby preventing the execution of arbitrary code.
An attacker can craft a malicious model file that bypasses the weights_only=True protection. When such a model is loaded, it can execute arbitrary code in the environment where PyTorch is running.
The vulnerability affects all PyTorch versions up to and including 2.5.1.
This vulnerability is particularly dangerous in environments where models are loaded from untrusted sources or public repositories and AI models are shared across teams or organizations.
The PyTorch development team has released version 2.6.0, which fixes the CVE-2025-32434 vulnerability. All users are strongly encouraged to update to this version as soon as possible.
For organizations that cannot immediately update, the following temporary mitigations are recommended:
- Only load models from trusted sources
- Implement alternative methods for model loading
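The following is an added example, not code from the PyTorch project, of how a defender can enforce the two points above in the code path that calls torch.load(): refuse to load on any version at or below 2.5.1 (the affected range this advisory states), and only accept model files whose SHA-256 digest is on an allowlist you have vetted. It assumes that torch exposes torch.__version__ and torch.load (both real), that torch is imported lazily so the version and digest checks run without it installed, and that the allowlist digests are placeholders you would replace with those of your own vetted files.

```python
"""Defensive wrapper around torch.load for CVE-2025-32434 (added example).

Assumptions (not from the advisory): model files are vetted out-of-band and
their SHA-256 digests kept in an allowlist; torch is imported lazily so the
checks below can run and be tested on a machine without PyTorch.
"""
import hashlib
import re

# From the advisory: versions up to and including 2.5.1 are affected,
# and 2.6.0 contains the fix.
FIRST_FIXED_VERSION = (2, 6, 0)


def parse_version(version: str) -> tuple:
    """Reduce a PyTorch version string such as '2.5.1+cu124' to a
    comparable (major, minor, patch) tuple. Pre-release suffixes are
    ignored (simplification: '2.6.0a0' is treated like '2.6.0')."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_vulnerable(version: str) -> bool:
    """True when weights_only=True cannot be relied on (torch <= 2.5.1)."""
    return parse_version(version) < FIRST_FIXED_VERSION


def sha256_bytes(data: bytes) -> str:
    """Hex SHA-256 digest of an in-memory blob."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    """Hex SHA-256 digest of a file, streamed in 1 MiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def is_allowlisted(data: bytes, allowlist: set) -> bool:
    """True only if the blob's digest is one you have vetted."""
    return sha256_bytes(data) in allowlist


def safe_load(path: str, allowlist: set):
    """Gate torch.load behind the version and allowlist checks."""
    import torch  # lazy import: the checks above do not need torch

    if is_vulnerable(torch.__version__):
        raise RuntimeError(
            f"torch {torch.__version__} is affected by CVE-2025-32434; "
            "update to 2.6.0 or later before loading untrusted models")
    if sha256_file(path) not in allowlist:
        raise RuntimeError(f"{path}: digest is not in the vetted allowlist")
    # Even on a fixed version, keep weights_only=True as defence in depth.
    return torch.load(path, weights_only=True)


if __name__ == "__main__":
    # Constructed sample versions; no torch needed for this part.
    for v in ("2.5.1", "2.4.0+cu121", "2.6.0", "2.7.1"):
        state = "VULNERABLE" if is_vulnerable(v) else "fixed"
        print(f"torch {v}: {state}")
    # Constructed placeholder blob standing in for a model file's bytes.
    blob = b"constructed model bytes"
    allow = {sha256_bytes(blob)}
    print("allowlisted:", is_allowlisted(blob, allow))
```

In a real deployment the allowlist would be populated from digests recorded when each model was reviewed, and safe_load would replace direct torch.load calls; the version gate turns a silent bypass into a loud failure on unpatched hosts.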