PT-2025-47798 · Apple · Mlx

Published 2025-11-21 · Updated 2025-12-02 · CVE-2025-62609

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: MLX versions prior to 0.29.4

Description: MLX, an array framework for machine learning on Apple silicon, contains a flaw in the mlx::core::load_gguf() function. This function triggers a segmentation fault when processing maliciously crafted GGUF files. The issue stems from dereferencing an untrusted pointer originating from the external gguflib library without proper validation, leading to application crashes.

Recommendations: Update to version 0.29.4 or later.

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

CVE-2025-62609
GHSA-J842-XGM4-WF88
PYSEC-2025-139

Affected Products

Mlx
Gguflib