Popular open-source machine learning framework PyTorch has been impacted by a critical security flaw, tracked as CVE-2025-32434, which could be exploited to facilitate arbitrary code execution on artificial intelligence model-loading systems, The Cyber Express reports.
Such a vulnerability which has already been patched in PyTorch version 2.6.0 stems from the framework's torch.load() function, with security researcher Jian Zhou discovering its ability to bypass the "weights_only=True" setting, indicating a threat to torch.load()-dependent apps and cloud services. Organizations with vulnerable PyTorch instances have been urged to not only immediately upgrade their framework through pip install-upgrade torch but also evaluate all AI models in use, particularly those from public or third-party repositories, and be vigilant of updates available in the PyTorch GitHub Security page and its accompanying GitHub advisory. "This issue highlights the evolving nature of ML security. We urge all users to update immediately and report suspicious model behavior," said the PyTorch team.
Such a vulnerability which has already been patched in PyTorch version 2.6.0 stems from the framework's torch.load() function, with security researcher Jian Zhou discovering its ability to bypass the "weights_only=True" setting, indicating a threat to torch.load()-dependent apps and cloud services. Organizations with vulnerable PyTorch instances have been urged to not only immediately upgrade their framework through pip install-upgrade torch but also evaluate all AI models in use, particularly those from public or third-party repositories, and be vigilant of updates available in the PyTorch GitHub Security page and its accompanying GitHub advisory. "This issue highlights the evolving nature of ML security. We urge all users to update immediately and report suspicious model behavior," said the PyTorch team.
