CVE-2025-62609 – MLX has Wild Pointer Dereference in load_gguf()

CVE ID : CVE-2025-62609

Published : Nov. 21, 2025, 6:57 p.m. | 18 minutes ago

Description : MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault in mlx::core::load_gguf() when loading malicious GGUF files. Untrusted pointer from external gguflib library is dereferenced without validation, causing application crash. This issue has been patched in version 0.29.4.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…