PT-2025-47797 · Apple · Mlx

Published: 2025-11-21 · Updated: 2025-12-02

CVE-2025-62608

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: MLX versions prior to 0.29.4

Description: MLX, an array framework for machine learning on Apple silicon, contains a heap buffer overflow in the mlx::core::load() function when processing malicious NumPy .npy files. A specially crafted file can trigger a 13-byte out-of-bounds read, which can crash the process or disclose adjacent heap memory. The CVSS vector reflects this read-only overflow: confidentiality and availability impact are rated high, integrity impact none, and no privileges or user interaction are required beyond getting the file loaded.

Recommendations: Update to version 0.29.4 or later. Until then, treat .npy files from untrusted sources (model checkpoints, datasets, files received over the network) as hostile input and do not pass them to load().
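The advisory does not state the exact faulty check inside load(), so the following is an added illustration, not MLX's code: a bounds-checked parser for the .npy preamble (magic, version, header-length field, ASCII dict) that refuses any header that would run past the end of the in-memory buffer. It assumes the public .npy layout (6-byte magic, major/minor version bytes, a little-endian length field of 2 bytes for v1 and 4 bytes for v2/v3, then the dict terminated by '\n'); the helper names and the constructed sample files are this example's own.

```cpp
// Added example, not MLX code: bounds-checked parsing of a .npy file preamble.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

struct NpyHeader {
    bool ok = false;          // false: malformed or truncated input, nothing read past the buffer
    uint8_t major = 0;
    uint8_t minor = 0;
    std::string dict;         // the ASCII dict describing descr/fortran_order/shape
    size_t data_offset = 0;   // byte offset where the array payload starts
};

// Parse the preamble of a .npy file held in memory. Every read is checked against
// `size` first, so a file whose declared header length exceeds the buffer is
// rejected instead of being read past the end of the allocation.
NpyHeader parse_npy_header(const uint8_t* buf, size_t size) {
    static const uint8_t magic[6] = {0x93, 'N', 'U', 'M', 'P', 'Y'};
    NpyHeader h;
    if (buf == nullptr || size < 8) return h;                 // magic + version = 8 bytes
    if (std::memcmp(buf, magic, sizeof magic) != 0) return h;
    h.major = buf[6];
    h.minor = buf[7];
    size_t len_bytes;                                         // width of the header-length field
    if (h.major == 1) len_bytes = 2;                          // v1.x: uint16 little-endian
    else if (h.major == 2 || h.major == 3) len_bytes = 4;     // v2.x/v3.x: uint32 little-endian
    else return h;
    const size_t preamble = 8 + len_bytes;
    if (size < preamble) return h;                            // truncated inside the length field
    uint64_t hlen = 0;
    for (size_t i = 0; i < len_bytes; ++i) hlen |= static_cast<uint64_t>(buf[8 + i]) << (8 * i);
    if (hlen == 0 || hlen > size - preamble) return h;        // header would run past the buffer
    h.dict.assign(reinterpret_cast<const char*>(buf + preamble), static_cast<size_t>(hlen));
    if (h.dict.back() != '\n') return h;                      // the format terminates the dict with '\n'
    h.data_offset = preamble + static_cast<size_t>(hlen);
    h.ok = true;
    return h;
}

// Build a well-formed v1.0 .npy file in memory (constructed sample input, not a real file).
// The dict is space-padded so the whole preamble is a multiple of 64 bytes, as numpy does.
std::vector<uint8_t> make_npy_v1(const std::string& dict, const std::vector<uint8_t>& payload) {
    std::string d = dict;
    while ((10 + d.size() + 1) % 64 != 0) d.push_back(' ');
    d.push_back('\n');
    std::vector<uint8_t> f = {0x93, 'N', 'U', 'M', 'P', 'Y', 1, 0};
    f.push_back(static_cast<uint8_t>(d.size() & 0xff));
    f.push_back(static_cast<uint8_t>((d.size() >> 8) & 0xff));
    f.insert(f.end(), d.begin(), d.end());
    f.insert(f.end(), payload.begin(), payload.end());
    return f;
}

// The same file with its header-length field rewritten to claim more bytes than exist:
// a naive parser that trusts this field reads past the end of the buffer.
std::vector<uint8_t> corrupt_header_length(std::vector<uint8_t> f, uint16_t claimed) {
    f[8] = static_cast<uint8_t>(claimed & 0xff);
    f[9] = static_cast<uint8_t>(claimed >> 8);
    return f;
}

int main() {
    const std::string dict = "{'descr': '<f4', 'fortran_order': False, 'shape': (2,), }";
    std::vector<uint8_t> good = make_npy_v1(dict, std::vector<uint8_t>(8, 0));
    NpyHeader h = parse_npy_header(good.data(), good.size());
    std::printf("well-formed: ok=%d data_offset=%zu\n", h.ok, h.data_offset);

    std::vector<uint8_t> bad = corrupt_header_length(good, 0xffff);   // claims a 65535-byte header
    std::printf("oversized length field: ok=%d\n", parse_npy_header(bad.data(), bad.size()).ok);

    std::vector<uint8_t> cut(good.begin(), good.begin() + 9);         // cut inside the length field
    std::printf("truncated: ok=%d\n", parse_npy_header(cut.data(), cut.size()).ok);
    return 0;
}
```

The point of the example is the single comparison `hlen > size - preamble`: the length field is attacker-controlled, and any parser that allocates or copies from it without first comparing it to the bytes actually present reads out of bounds on a crafted file. Running the binary under AddressSanitizer with the corrupted sample is a quick way to confirm a loader has that check.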

Weakness Enumeration

Heap-based Buffer Overflow

Related Identifiers

CVE-2025-62608
GHSA-W6VG-JG77-2QG6
PYSEC-2025-138

Affected Products

Mlx