CVE-2025-30405: 
Python vulnerability analysis and mitigation

An integer overflow vulnerability (CVE-2025-30405) was discovered in the loading of ExecuTorch models that can cause objects to be placed outside their allocated memory area. This vulnerability affects ExecuTorch versions prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73. The vulnerability was disclosed on August 7, 2025, and received a CVSS v3.1 base score of 9.8 (Critical) (NVD).

The vulnerability is classified as an Integer Overflow (CWE-190) that occurs during the loading of ExecuTorch models. The issue specifically manifests in the HierarchicalAllocator::getoffsetaddress() function where insufficient validation of offset calculations could lead to memory boundary violations. The vulnerability received a Critical severity rating with a CVSS v3.1 score of 9.8, indicating remote exploitability with no privileges or user interaction required (NVD).

If exploited, this vulnerability could potentially result in code execution or other undesirable effects due to objects being placed outside their allocated memory areas. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of affected systems (NVD).

The vulnerability has been patched in commit 0830af8207240df8d7f35b984cdf8bc35d74fa73. Users should update their ExecuTorch installations to a version that includes this commit. The fix includes additional validation checks for integer overflow in offset calculations (GitHub Commit).