I am trying to fix CVE-2025-32434 in Pytorch v2.1.2, as I won’t be able to upgrade Pytorch to v2.6.0. I tried backporting PRs (#137602, #138225, #138866, #139221, #140304, #138936, #139541, #140738, #142153, #139433) mentioned in Release Notes of Pytorch v2.6.0 in Pytorch v2.1.2. I am seeing a series of errors when I try running test/test_serialization.py file. I wanted to know the ideal way is of fixing this CVE in Pytorch v2.1.2, to make torch.load safe.
Hey!
Given how old your version of PyTorch is, I don’t expect a backport really make sense.
The bottom line is that this CVE only matters if you load untrusted model from the wild. As long as you don’t do that (which you shouldn’t do in general!!), this CVE doesn’t apply.