Overview
CVE-2025-62609 describes a security vulnerability found in MLX, an array framework for machine learning on Apple silicon. Specifically, versions prior to 0.29.4 are susceptible to a segmentation fault when loading crafted, malicious GGUF (GPT-2 Unified Format) files. This can lead to application crashes and potentially denial-of-service conditions.
Technical Details
The vulnerability lies in the mlx::core::load_gguf() function of the MLX framework. When processing a GGUF file, the code dereferences a pointer received from the external gguflib library without first validating it. Because that pointer is derived from the contents of the file being loaded, a crafted GGUF file can cause gguflib to hand back an invalid pointer, and the unchecked dereference results in a segmentation fault and an application crash.
In short, MLX trusts what gguflib returns without sufficient checks, even though gguflib is itself parsing untrusted input, and that missing validation is what an attacker exploits.
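To make the pattern concrete, here is an added illustration in C++ (not code from MLX or gguflib): a parsing library returns a pointer and an element count taken straight from an untrusted file, and the loader is shown once trusting them blindly and once validating both before reading, which is the kind of check the 0.29.4 fix describes. The container layout, the TensorView struct and the library_get_tensor, sum_unchecked, sum_checked and make_file names are all simplified stand-ins invented for this example.

```cpp
#include <cstdint>
#include <cstring>
#include <optional>
#include <vector>

// Hypothetical, simplified GGUF-style container: a 16-byte header (element count,
// byte offset of the tensor data) followed by float32 payload. The real GGUF layout
// and the gguflib API are not reproduced here; every name below is a stand-in.
struct TensorView { const float* data; uint64_t count; };  // what the "library" returns
// Stand-in for the library call whose result load_gguf() dereferenced: it returns
// what the header says, and a null pointer when the offset is not inside the file.
TensorView library_get_tensor(const std::vector<uint8_t>& file) {
    TensorView v{nullptr, 0};
    if (file.size() < 16) return v;
    uint64_t offset;
    std::memcpy(&v.count, file.data(), 8);
    std::memcpy(&offset, file.data() + 8, 8);
    if (offset < file.size()) v.data = reinterpret_cast<const float*>(file.data() + offset);
    return v;
}
// Vulnerable pattern: trusts both the pointer and the count. With a crafted header
// `data` is null or `count` overruns the buffer, and this read crashes the process.
float sum_unchecked(const std::vector<uint8_t>& file) {
    TensorView v = library_get_tensor(file);
    float s = 0.f;
    for (uint64_t i = 0; i < v.count; ++i) s += v.data[i];
    return s;
}
// Hardened pattern: reject a null pointer and a count that does not fit in the file
// before touching memory, so the caller gets a failure instead of a SIGSEGV.
std::optional<float> sum_checked(const std::vector<uint8_t>& file) {
    TensorView v = library_get_tensor(file);
    const uint8_t* begin = file.data();
    const uint8_t* end = begin + file.size();
    const uint8_t* p = reinterpret_cast<const uint8_t*>(v.data);
    if (p == nullptr || p < begin || p >= end) return std::nullopt;
    if (v.count > static_cast<uint64_t>(end - p) / sizeof(float)) return std::nullopt;
    float s = 0.f, x;
    for (uint64_t i = 0; i < v.count; ++i) { std::memcpy(&x, p + i * 4, 4); s += x; }
    return s;
}
// Builds a constructed sample file; an out-of-range offset or count models a crafted input.
std::vector<uint8_t> make_file(uint64_t count, uint64_t offset, const std::vector<float>& payload) {
    std::vector<uint8_t> f(16 + payload.size() * sizeof(float));
    std::memcpy(f.data(), &count, 8);
    std::memcpy(f.data() + 8, &offset, 8);
    std::memcpy(f.data() + 16, payload.data(), payload.size() * sizeof(float));
    return f;
}
```

On a well-formed file both loaders agree; on a header whose offset or count points outside the buffer, sum_checked returns an empty optional where sum_unchecked would dereference bad memory.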
CVSS Analysis
Currently, a CVSS score is not available for CVE-2025-62609 (N/A). This is likely because a full exploit leading to remote code execution or data compromise hasn’t been demonstrated. However, the ability to trigger a segmentation fault and crash the application constitutes a denial-of-service vulnerability.
A future CVSS score may be assigned if further research reveals additional attack vectors or impacts.
Possible Impact
The primary impact of CVE-2025-62609 is a denial-of-service (DoS). An attacker could provide a malicious GGUF file to an MLX-based application, causing it to crash. This could disrupt services that rely on MLX for machine learning tasks, especially if the application is handling untrusted or user-provided GGUF files.
Mitigation and Patch Steps
The vulnerability has been addressed in MLX version 0.29.4. Users of the MLX framework are strongly advised to upgrade to version 0.29.4 or later. This version includes the necessary fixes to validate pointers received from the gguflib library, preventing the segmentation fault.
If upgrading is not immediately feasible, consider implementing additional input validation on GGUF files before loading them into the MLX framework. However, relying solely on manual validation is not recommended as it may be incomplete and prone to errors. The official patch is the most reliable solution.
