All the vulnerabilites related to Meta Platforms, Inc - ExecuTorch
cve-2025-30402
Vulnerability from cvelistv5
Published
2025-07-11 17:39
Modified
2025-07-11 18:31
Severity ?
EPSS score ?
Summary
A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.facebook.com/security/advisories/cve-2025-30402 | x_refsource_CONFIRM | |
| https://github.com/pytorch/executorch/commit/93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Meta Platforms, Inc | ExecuTorch |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-30402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T18:07:27.711547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T18:31:13.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExecuTorch",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "https://github.com/pytorch/executorch/commit/93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"dateAssigned": "2025-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:39:26.646Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-30402"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pytorch/executorch/commit/93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-30402",
"datePublished": "2025-07-11T17:39:26.646Z",
"dateReserved": "2025-03-21T19:52:56.084Z",
"dateUpdated": "2025-07-11T18:31:13.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-54952
Vulnerability from cvelistv5
Published
2025-08-07 23:08
Modified
2025-08-08 14:11
Severity ?
EPSS score ?
Summary
An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.facebook.com/security/advisories/cve-2025-54952 | x_refsource_CONFIRM | |
| https://github.com/pytorch/executorch/commit/8f062d3f661e20bb19b24b767b9a9a46e8359f2b | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Meta Platforms, Inc | ExecuTorch |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-54952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-08T13:46:29.718407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680 Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T14:11:22.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExecuTorch",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "https://github.com/pytorch/executorch/commit/8f062d3f661e20bb19b24b767b9a9a46e8359f2b",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"dateAssigned": "2025-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer Overflow to Buffer Overflow (CWE-680)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T23:08:39.186Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-54952"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pytorch/executorch/commit/8f062d3f661e20bb19b24b767b9a9a46e8359f2b"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-54952",
"datePublished": "2025-08-07T23:08:39.186Z",
"dateReserved": "2025-08-01T18:00:45.375Z",
"dateUpdated": "2025-08-08T14:11:22.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-30404
Vulnerability from cvelistv5
Published
2025-08-07 22:46
Modified
2025-08-12 14:11
Severity ?
EPSS score ?
Summary
An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.facebook.com/security/advisories/cve-2025-30404 | x_refsource_CONFIRM | |
| https://github.com/pytorch/executorch/commit/d158236b1dc84539c1b16843bc74054c9dcba006 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Meta Platforms, Inc | ExecuTorch |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-30404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:10:48.253429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:11:13.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExecuTorch",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "https://github.com/pytorch/executorch/commit/d158236b1dc84539c1b16843bc74054c9dcba006",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"dateAssigned": "2025-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer Overflow or Wraparound (CWE-190)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T22:46:57.161Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-30404"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pytorch/executorch/commit/d158236b1dc84539c1b16843bc74054c9dcba006"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-30404",
"datePublished": "2025-08-07T22:46:57.161Z",
"dateReserved": "2025-03-21T19:52:56.086Z",
"dateUpdated": "2025-08-12T14:11:13.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-54951
Vulnerability from cvelistv5
Published
2025-08-07 23:06
Modified
2025-08-12 14:20
Severity ?
EPSS score ?
Summary
A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.facebook.com/security/advisories/cve-2025-54951 | x_refsource_CONFIRM | |
| https://github.com/pytorch/executorch/commit/cea9b23aa8ff78aff92829a466da97461cc7930c | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Meta Platforms, Inc | ExecuTorch |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-54951",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:20:19.866300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:20:40.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExecuTorch",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "https://github.com/pytorch/executorch/commit/cea9b23aa8ff78aff92829a466da97461cc7930c",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"dateAssigned": "2025-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T23:06:02.059Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-54951"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pytorch/executorch/commit/cea9b23aa8ff78aff92829a466da97461cc7930c"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-54951",
"datePublished": "2025-08-07T23:06:02.059Z",
"dateReserved": "2025-08-01T18:00:45.375Z",
"dateUpdated": "2025-08-12T14:20:40.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-54950
Vulnerability from cvelistv5
Published
2025-08-07 23:03
Modified
2025-08-12 14:18
Severity ?
EPSS score ?
Summary
An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.facebook.com/security/advisories/cve-2025-54950 | x_refsource_CONFIRM | |
| https://github.com/pytorch/executorch/commit/b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Meta Platforms, Inc | ExecuTorch |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-54950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:13:35.299261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:18:12.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExecuTorch",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "https://github.com/pytorch/executorch/commit/b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"dateAssigned": "2025-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T17:18:07.441Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-54950"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pytorch/executorch/commit/b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-54950",
"datePublished": "2025-08-07T23:03:03.775Z",
"dateReserved": "2025-08-01T18:00:45.375Z",
"dateUpdated": "2025-08-12T14:18:12.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-54949
Vulnerability from cvelistv5
Published
2025-08-07 22:58
Modified
2025-08-12 14:13
Severity ?
EPSS score ?
Summary
A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.facebook.com/security/advisories/cve-2025-54949 | x_refsource_CONFIRM | |
| https://github.com/pytorch/executorch/commit/ede82493dae6d2d43f8c424e7be4721abe5242be | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Meta Platforms, Inc | ExecuTorch |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-54949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:12:50.781841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:13:11.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExecuTorch",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "https://github.com/pytorch/executorch/commit/ede82493dae6d2d43f8c424e7be4721abe5242be",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"dateAssigned": "2025-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T22:58:23.290Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-54949"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pytorch/executorch/commit/ede82493dae6d2d43f8c424e7be4721abe5242be"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-54949",
"datePublished": "2025-08-07T22:58:23.290Z",
"dateReserved": "2025-08-01T18:00:45.375Z",
"dateUpdated": "2025-08-12T14:13:11.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-30405
Vulnerability from cvelistv5
Published
2025-08-07 22:55
Modified
2025-08-12 14:12
Severity ?
EPSS score ?
Summary
An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.facebook.com/security/advisories/cve-2025-30405 | x_refsource_CONFIRM | |
| https://github.com/pytorch/executorch/commit/0830af8207240df8d7f35b984cdf8bc35d74fa73 | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Meta Platforms, Inc | ExecuTorch |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-30405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:11:41.922213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:12:22.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExecuTorch",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "https://github.com/pytorch/executorch/commit/0830af8207240df8d7f35b984cdf8bc35d74fa73",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"dateAssigned": "2025-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer Overflow or Wraparound (CWE-190)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T22:55:40.262Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-30405"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pytorch/executorch/commit/0830af8207240df8d7f35b984cdf8bc35d74fa73"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-30405",
"datePublished": "2025-08-07T22:55:40.262Z",
"dateReserved": "2025-03-21T19:52:56.086Z",
"dateUpdated": "2025-08-12T14:12:22.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}