PyTorch

PyTorch is an     open source library for Python based on Torch. It develops under the wing  of Facebook and is used to process natural language. PyTorch provides two major high-level models:

• Tensor calculations (similar to NumPy) with advanced acceleration support on the GPU;
• Deep neural networks based on the autodiff system.

2025: Discovery of a vulnerability that allows attackers to remotely execute arbitrary code

A critical vulnerability (CVE-2025-32434) has been discovered in the PyTorch machine learning framework, which allows attackers to remotely execute arbitrary code. The vulnerability affects users who download models from unverified sources, even when using the weights_only=True option, which is designed to load only the model weights. Gazinformservice announced this on April 22, 2025.

The problem is related to the processing of serialized TorchScript objects. An attacker can create a malicious model containing arbitrary Python code that will be executed when the model is loaded on a vulnerable system. This opens up opportunities for complete control over the victim's system. PyTorch developers have released update 2.6.0, which fixes the vulnerability. It is strongly recommended that all users upgrade their settings to the latest version.

The critical vulnerability of PyTorch CVE-2025-32434 has become a wake-up call for the entire machine learning industry. Even a standard precaution, such as the weights only=True option, proved powerless. This incident clearly demonstrates the importance of implementing MLSecOps concepts to provide an integrated approach to security throughout the lifecycle of the models. Users are strongly encouraged to upgrade to the new version of PyTorch 2.6.0 +, and specialists are encouraged to consider full implementation of secure development practices and systematic risk monitoring. The importance of such measures is increasing, given the spread of complex architectures and the growing number of PyTorch users, noted Rimma Kuleshova, cyber expert at Gazinformservice and product manager at SafeERP.

2018: PyTorch 1.0 Developer Release

In early October 2018, Facebook released the final version of its open machine learning platform PyTorch to Facebook developers. It contains a ton of tools and integration tools that will facilitate compatibility with cloud services Google Cloud, Amazon Web Services (AWS) and Microsoft Azure Machine Learning.

In addition, the project was supported by leading chip manufacturers ARM, Nvidia, Qualcomm and Intel, which use the framework to integrate with the kernel library and track the execution time of logical inference.

Facebook has provided developers with an open machine learning platform. It supports Microsoft, Google, Amazon clouds

Simplifying the interaction between different stages of machine learning is facilitated by the combination in PyTorch 1.0 of modular  and development-oriented capabilities  of the Caffe2 framework   and the ONNX standard  with a flexible, research-oriented library structure. Thanks to the presence of these functions in one framework, the need to switch between libraries disappears, Facebook notes.

Google not only implemented PyTorch support in several of its cloud services, but also partnered with Facebook to develop Tensor Processing Unit (TPU) accelerators for PyTorch users.

Sagemaker's managed end-to-end machine learning service  Amazon from will provide PyTorch users with preconfigured environments to automatically configure machine learning models and other purposes.^[1]

Notes