CVE-2025-30404

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-30404
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-30404.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-30404
Aliases
Published
2025-08-07T22:46:57.161Z
Modified
2026-05-18T05:59:26.851449411Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/30xxx/CVE-2025-30404.json",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "fixed": "https://github.com/pytorch/executorch/commit/d158236b1dc84539c1b16843bc74054c9dcba006"
                }
            ]
        }
    ],
    "cna_assigner": "facebook"
}
References

Affected packages

Git / github.com/pytorch/executorch

Affected ranges

Type
GIT
Repo
https://github.com/pytorch/executorch
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d158236b1dc84539c1b16843bc74054c9dcba006
Database specific 
{
    "source": "REFERENCES"
}

Affected versions

Other
ciflow/binaries/all/sdym
ciflow/binaries/sdym
stable-2023-08-01
stable-2023-08-15
stable-2023-08-29
stable-2023-09-12
stable-2023-09-19
v0.*
v0.1.0-rc1
v0.2.0-rc1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-30404.json"