CVE-2025-30402

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

11/07/2025

Last modified:

15/07/2025

Description

A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 8.10 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): High

Base Score 3.x

8.10

Severity 3.x

HIGH

References to Advisories, Solutions, and Tools

https://github.com/pytorch/executorch/commit/93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f
https://www.facebook.com/security/advisories/cve-2025-30402