CVERadar

CVE-2024-48063

Medium Severity
SVRS: 38/100
CVSSv3: NA/10
EPSS: 0.02658/1

CVE-2024-48063 is a Deserialization RCE (Remote Code Execution) vulnerability found in PyTorch versions 2.4.1 and earlier within the RemoteModule. Although disputed as intended behavior in PyTorch distributed computing, it poses a risk. With an SVRS of 38, while not critical, the presence of active exploits and the "In The Wild" tag indicate a heightened potential for malicious use. This means attackers could potentially execute arbitrary code remotely by exploiting deserialization flaws. While the CVSS score is 0, the SVRS highlights that real-world risk goes beyond the theoretical. Organizations using affected PyTorch versions should carefully assess their risk and consider mitigation strategies, particularly where distributed computing features are exposed to untrusted networks. Ignoring this vulnerability, despite its disputed nature, could expose systems to unauthorized access and control.

In The Wild
Exploit Available
2024-10-29

2025-01-09

Indicators of Compromise

No IOCs found for this CVE

Exploits

| Title | Software Link | Date |
| --- | --- | --- |
| zgimszhd61/CVE-2024-48063-poc | https://github.com/zgimszhd61/CVE-2024-48063-poc | 2024-10-31 |

News

CVE-2024-48063 | PyTorch up to 2.4.1 RemoteModule deserialization (Nessus ID 232190)
vuldb.com, 2025-03-06
A vulnerability was found in PyTorch up to 2.4.1. It has been classified as critical. This affects an unknown part of the component RemoteModule. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2024-48063. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2024-48063 | PyTorch up to 2.4.1 RemoteModule deserialization
vuldb.com, 2025-01-10
A vulnerability was found in PyTorch up to 2.4.1. It has been classified as critical. This affects an unknown part of the component RemoteModule. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2024-48063. It is possible to initiate the attack remotely. There is no exploit available.

Social Media

No tweets found for this CVE

Affected Software

No affected software found for this CVE

References

| Reference | Link |
| --- | --- |
| CVE@MITRE.ORG | https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065 |
| CVE@MITRE.ORG | https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c |
| CVE@MITRE.ORG | https://github.com/pytorch/pytorch/issues/129228 |
| CVE@MITRE.ORG | https://github.com/pytorch/pytorch/security/policy#using-distributed-features |
| GITHUB | https://rumbling-slice-eb0.notion.site/Distributed-RPC-Framework-RemoteModule-has-Deserialization-RCE-in-pytorch-pytorch-111e3cda9e8c8021a7d3cbc61ee1a20c |

CWE Details

| CWE ID | CWE Name | Description |
| --- | --- | --- |
| CWE-502 | Deserialization of Untrusted Data | The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. |
