
PyTorch Model File ACE via Pickle Deserialization PoC

Vulnerability

Arbitrary Code Execution via pickle deserialization in torch.load() (CWE-502)

Files

  • poc_torchsave.pt - Malicious .pt file, executes code on torch.load()
  • poc_evil_statedict.pt - Malicious state_dict with embedded payload
  • benign_model.pt - Clean model for comparison
  • benign_torchscript.pt - Clean TorchScript model

How to reproduce

import torch
# WARNING: This executes arbitrary code
model = torch.load('poc_torchsave.pt', weights_only=False)
# Creates pwned.txt as proof of execution

Impact

Any application loading untrusted .pt files with weights_only=False gets arbitrary code execution.
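A defensive pre-check for the scenario above: before handing an untrusted .pt file to torch.load(), walk its pickle opcodes with pickletools (which never executes anything) and list the module/attribute imports it would perform, flagging anything outside an allowlist. This is an added example, not code from this PoC repository; the allowlist contents, the archive entry name `archive/data.pkl`, and the two sample files it builds in memory are assumptions and constructed inputs.

```python
import io
import pickle
import pickletools
import zipfile
from collections import OrderedDict, deque
# Globals a plain state_dict legitimately needs (assumed allowlist; extend per model).
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
}

def pickle_globals(data: bytes) -> list:
    """List every (module, name) the pickle would import, walking opcodes only."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):      # protocol <= 3: arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":        # protocol >= 4: two strings pushed before
            found.append((strings[-2], strings[-1]))
        elif isinstance(arg, str):             # remember string pushes for STACK_GLOBAL
            strings.append(arg)
    return found

def extract_pickle(blob: bytes) -> bytes:
    """torch.save writes a zip holding <name>/data.pkl; legacy files are a raw pickle."""
    bio = io.BytesIO(blob)
    if not zipfile.is_zipfile(bio):
        return blob
    with zipfile.ZipFile(bio) as zf:
        names = [n for n in zf.namelist() if n.endswith("data.pkl")]
        return zf.read(names[0])

def audit(blob: bytes) -> list:
    """Imports outside the allowlist; an empty list means nothing unexpected."""
    return [g for g in pickle_globals(extract_pickle(blob)) if g not in ALLOWED_GLOBALS]

def make_fake_pt(obj, protocol: int) -> bytes:
    """Constructed sample: wrap a pickle in the zip layout torch.save uses."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(obj, protocol=protocol))
    return bio.getvalue()

def demo() -> dict:
    """Constructed inputs: a clean state_dict-like file and one with an unexpected import."""
    clean = make_fake_pt(OrderedDict(w=[1.0, 2.0]), protocol=2)
    odd = make_fake_pt(deque([1, 2]), protocol=4)
    return {"clean": audit(clean), "odd": audit(odd)}
```

The scan only tells you what the pickle asks to import, so it complements rather than replaces loading with weights_only=True, which restricts the unpickler to tensors and primitive types.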
