CVE-2025-54951
ExecuTorch vulnerable to Heap-based Buffer Overflow
9.8
CRITICAL
CVSS 3.1
EPSS 0.83%
Description
A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c.
How to fix CVE-2025-54951
To remediate CVE-2025-54951, upgrade the affected package to a fixed version below.
- —upgrade to 0.7.0 or later
- —upgrade to 0.7.0 or later
Is CVE-2025-54951 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.7.0
- from 0, < 0.7.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |