9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-30405

GHSA ID

GHSA-84m3-f99p-cqx5

EPSS Score

0.0324%

CWE

CWE-190

Published

8/8/2025

Updated

8/12/2025

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-30405

CVE-2025-30405: ExecuTorch integer overflow vulnerability

An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73.

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-30405

GHSA ID

GHSA-84m3-f99p-cqx5

EPSS Score

0.0324%

CWE

CWE-190

Published

8/8/2025

Updated

8/12/2025

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
executorch	pip	< 0.7.0	0.7.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The analysis of the provided vulnerability information and the associated commit 0830af8207240df8d7f35b984cdf8bc35d74fa73 directly points to the vulnerable function. The commit message explicitly states, "Integer overflow in HierarchicalAllocator::get_offset_address()". The patch applied to runtime/core/hierarchical_allocator.h introduces a check to prevent an integer overflow before a memory allocation check. This confirms that the get_offset_address function within the torch::executor::HierarchicalAllocator class was the location of the vulnerability. The vulnerability lies in the fact that without the added check, an attacker could provide a specially crafted model that causes offset_bytes + size_bytes to overflow, leading to an out-of-bounds write and potential code execution. Therefore, the identified function torch::executor::HierarchicalAllocator::get_offset_address is the precise location of the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n int***r ov*r*low vuln*r**ility in t** lo**in* o* *x**uTor** mo**ls **n **us* o*j**ts to ** pl**** outsi** t**ir *llo**t** m*mory *r**, pot*nti*lly r*sultin* in *o** *x**ution or ot**r un**sir**l* *****ts. T*is issu* *****ts *x**uTor** prior to *om

Reasoning

T** *n*lysis o* t** provi*** vuln*r**ility in*orm*tion *n* t** *sso*i*t** *ommit `****************************************` *ir**tly points to t** vuln*r**l* *un*tion. T** *ommit m*ss*** *xpli*itly st*t*s, "Int***r ov*r*low in *i*r*r**i**l*llo**tor::

9.8

Basic Information

Concerned about an active attack path?

CVE-2025-30405: ExecuTorch integer overflow vulnerability

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI