A newly disclosed critical vulnerability (CVE-2025-32434) in PyTorch, the widely used open-source machine learning framework, allows attackers to execute arbitrary code on systems loading AI models—even when safety measures like weights_only=True are enabled.
The flaw impacts all PyTorch versions ≤2.5.1 and has been patched in version 2.6.0, released earlier this week.
| CVE ID | Severity | Affected Versions | Patched Version |
| --- | --- | --- | --- |
| CVE-2025-32434 | Critical | PyTorch ≤2.5.1 (pip) | 2.6.0 |
The flaw resides in PyTorch’s torch.load() function, which is commonly used to load serialized AI models.
While enabling weights_only=True was previously believed to prevent unsafe code execution by restricting data loading to model weights, security researcher Ji’an Zhou demonstrated that attackers can bypass this safeguard to execute remote commands.
This undermines a core security assumption in PyTorch’s documentation, which explicitly recommended weights_only=True as a mitigation against malicious models.
Organizations using this setting to protect inference pipelines, federated learning systems, or model hubs are now at risk of remote takeover.
The PyTorch team acknowledged the vulnerability, stating, “This issue highlights the evolving nature of ML security. We urge all users to update immediately and report suspicious model behavior.”
PyTorch is foundational to AI research and deployment, with users ranging from startups to tech giants like Meta and Microsoft.
This vulnerability exposes critical infrastructure to attacks that could steal data, disrupt services, or hijack resources.
As AI adoption grows, securing model pipelines is paramount. CVE-2025-32434 serves as a stark reminder that even trusted safeguards require continuous scrutiny.
Update PyTorch installations, audit model sources, and treat all third-party AI artifacts as potential attack vectors until verified.
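The following is an added example, not code from the advisory or from the PyTorch project, showing how a loading pipeline can enforce the advice above before ever calling torch.load(): it checks whether the installed PyTorch release predates the 2.6.0 fix, identifies whether a model file is a pickle-based checkpoint (the legacy format or the zip format containing data.pkl) or a safetensors file, and refuses pickle-based artifacts on affected versions regardless of weights_only. The version threshold comes from the advisory; the artifact format detection, the decision labels, and the constructed sample files are assumptions of this example and are not part of any PyTorch API.

```python
# Added example (not from the advisory or the PyTorch project): pre-load checks
# for model artifacts. Policy: refuse pickle-based checkpoints on PyTorch
# versions affected by CVE-2025-32434 (<= 2.5.1), require a trusted source for
# them on patched versions, and allow safetensors, which carries no pickle stream.
import io
import json
import struct
import zipfile

PATCHED_VERSION = (2, 6, 0)  # first release fixing CVE-2025-32434


def parse_version(text: str) -> tuple:
    """Turn '2.5.1+cu121' or '2.6.0.dev20250301' into a 3-tuple of ints."""
    parts = []
    for piece in text.split("+", 1)[0].split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])


def is_vulnerable(torch_version: str) -> bool:
    """True for every release at or below 2.5.1."""
    return parse_version(torch_version) < PATCHED_VERSION


def installed_torch_version():
    """Version of the torch package on this machine, or None if not installed."""
    try:
        from importlib.metadata import version
        return version("torch")
    except Exception:
        return None


def classify_artifact(blob: bytes) -> str:
    """Identify the on-disk format of a model file from its leading bytes."""
    # safetensors: little-endian u64 header length, then a JSON header object
    if len(blob) >= 8:
        (header_len,) = struct.unpack("<Q", blob[:8])
        if 0 < header_len <= len(blob) - 8:
            try:
                header = json.loads(blob[8:8 + header_len])
                if isinstance(header, dict):
                    return "safetensors"
            except (ValueError, UnicodeDecodeError):
                pass
    # torch.save zip format: archive containing <name>/data.pkl
    if blob[:4] == b"PK\x03\x04":
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            if any(name.endswith("data.pkl") for name in zf.namelist()):
                return "torch-zip-pickle"
        return "zip-other"
    # legacy torch.save format: a raw pickle stream (PROTO opcode 0x80)
    if blob[:1] == b"\x80":
        return "legacy-pickle"
    return "unknown"


def load_decision(blob: bytes, torch_version: str) -> tuple:
    """Return (decision, reason); decision is allow / trusted-only / refuse."""
    kind = classify_artifact(blob)
    if kind == "safetensors":
        return "allow", "safetensors holds tensors only, no pickle stream"
    if kind in ("torch-zip-pickle", "legacy-pickle"):
        if is_vulnerable(torch_version):
            return "refuse", ("pickle-based checkpoint on PyTorch %s: weights_only=True "
                              "is bypassable (CVE-2025-32434), upgrade to 2.6.0+"
                              % torch_version)
        return "trusted-only", "pickle-based checkpoint: load only from a verified source"
    return "refuse", "unrecognised artifact format: %s" % kind


# Constructed sample artifacts (not real models) so the checks run offline.
def make_safetensors_sample() -> bytes:
    header = json.dumps({"w": {"dtype": "F32", "shape": [2],
                               "data_offsets": [0, 8]}}).encode()
    return struct.pack("<Q", len(header)) + header + b"\x00" * 8


def make_zip_checkpoint_sample() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/version", "3\n")
        zf.writestr("model/data.pkl", b"\x80\x02}q\x00.")  # pickled empty dict
    return buf.getvalue()


if __name__ == "__main__":
    ver = installed_torch_version() or "2.5.1"  # constructed fallback version
    for name, blob in (("safetensors", make_safetensors_sample()),
                       ("zip checkpoint", make_zip_checkpoint_sample())):
        print(name, "->", load_decision(blob, ver))
```

The format sniffing is only a gate, not a guarantee: a "trusted-only" result on a patched release still means the pickle stream will be deserialised, so the source of the file must be verified (signed, pinned by hash, or produced in-house) before it is loaded, and converting checkpoints to safetensors removes the pickle stream from the pipeline altogether.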