What is CVE-2025-32434?

CVE-2025-32434 is a vulnerability in Pytorch, classified under Deserialization of Untrusted Data. Published 2025-04-18.

Is CVE-2025-32434 known to be exploited?

38 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Deserialization in Pytorch

CVE-2025-32434

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in…

Vulnerability class: Insecure Deserialization

EPSS: 0.004 (62.9th percentile) — read the EPSS interpretation.

Affected products

Pytorch — versions < 2.6.0

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

Public proof-of-concept exploits

B1tBit/CVE-2025-32434-exploit
Soildworks/Agentic-CLIP-Benchmark
cyhe50/cve-2025-32434-poc
Adrasteon/JustNewsAgent
BancaKim/CallbotPoC
Camier/VOIXCODER
DhwanilPanchani/SecureCode-AI---Intelligent-Vulnerability-Detection-System
DhwanilPanchani/SecureCode-AI-based-Intelligent-Vulnerability-Detection-System
Ka10ken1/Jobless-AI
Ka10kenHQ/Jobless-AI

References

https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2025-32434?: CVE-2025-32434 is a vulnerability in Pytorch, classified under Deserialization of Untrusted Data. Published 2025-04-18.
Is CVE-2025-32434 known to be exploited?: 38 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.