PyTorch-Lightning Insecure Deserialization Vulnerability Allowing Arbitrary Code Execution

Vulnerability

An insecure deserialization vulnerability has been identified in PyTorch-Lightning versions through 2.6.0. The issue arises in the checkpoint loading process, specifically within the LightningModule.load_from_checkpoint() method. The method calls torch.load() without the security-focused weights_only=True parameter, so the call deserializes arbitrary Python objects through the pickle module. As a result, a remote attacker who supplies a maliciously crafted checkpoint file can achieve arbitrary code execution on the victim's system when the file is loaded.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the system where the vulnerable version of PyTorch-Lightning is used.

Reproduction

To reproduce this vulnerability, load a maliciously crafted checkpoint file into a PyTorch-Lightning model using the load_from_checkpoint() method. The checkpoint file must be designed to execute arbitrary code upon deserialization.

Remediation

Update to a PyTorch-Lightning version later than 2.6.0, where this vulnerability has been addressed.
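As an added illustration, not code from the advisory or from PyTorch-Lightning, the mechanism and its mitigation in plain Python: a static scan that lists the globals a pickle stream imports without running it, and an allowlist-based unpickler of the kind torch.load(weights_only=True) applies. The checkpoint samples and the ALLOWED_GLOBALS set are constructed for the example; lists stand in for tensors so it runs without torch.

```python
import collections
import io
import json
import pickle
import pickletools

# Globals a plain weights checkpoint legitimately needs; everything else is refused.
# A real torch checkpoint would extend this with tensor-rebuild helpers, but nothing
# under os, subprocess or builtins is ever needed to load weights.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


def referenced_globals(data):
    """Statically list every (module, name) a pickle stream imports, without running it.
    Covers GLOBAL (protocol <= 3) and STACK_GLOBAL (protocol >= 4) as the stdlib
    pickler emits them; it is a lightweight scanner, not a full pickle VM.
    """
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":  # module and attribute were pushed as strings
            found.append((strings[-2], strings[-1]))
        elif op.name.endswith(("UNICODE", "STRING")):
            strings.append(arg)
    return found


class CheckpointUnpickler(pickle.Unpickler):
    """Allowlist-based unpickler, the same idea behind torch.load(weights_only=True)."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"checkpoint imports {module}.{name}, refusing")
        return super().find_class(module, name)


def load_checkpoint(data):
    """Deserialize a checkpoint only if every global it references is allowlisted."""
    bad = [g for g in referenced_globals(data) if g not in ALLOWED_GLOBALS]
    if bad:  # static pre-check: reject before any REDUCE step could run
        raise pickle.UnpicklingError(f"checkpoint imports {bad}, refusing")
    return CheckpointUnpickler(io.BytesIO(data)).load()


# Constructed sample: a benign weights-only checkpoint (lists stand in for tensors).
BENIGN_CHECKPOINT = pickle.dumps(
    {"epoch": 3, "state_dict": collections.OrderedDict([("layer.weight", [0.1, 0.2])])},
    protocol=4)
# Constructed sample: a checkpoint carrying a reference to a callable. json.loads is
# harmless and only stands in for an import a weights file has no reason to make.
SUSPICIOUS_CHECKPOINT = pickle.dumps({"state_dict": {}, "hook": json.loads}, protocol=4)
LEGACY_SUSPICIOUS_CHECKPOINT = pickle.dumps(json.loads, protocol=2)  # GLOBAL opcode form
```

The static scan also works on files at rest, so it can run over a checkpoint before anything ever calls load_from_checkpoint() on it.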

Added: May 12, 2026, 4:26 PM
Updated: May 12, 2026, 4:26 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 7.5
exploitability: 4.7
remediation: 7.7
relevance: 8.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.