{"data":{"id":"90fe9566-0ab4-424f-bd56-b2e210762ea1","title":"CVE-2025-62609: MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a segmentation fault ","summary":"MLX is an array framework for machine learning on Apple silicon that has a vulnerability where loading malicious GGUF files (a machine learning model format) causes a segmentation fault (a crash where the program tries to access invalid memory). The problem occurs because the code dereferences an untrusted pointer (uses a memory address without checking if it's valid) from an external library without validation.","solution":"This issue has been patched in version 0.29.4. Users should update MLX to version 0.29.4 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-62609","publishedAt":"2025-11-21T19:16:02.467Z","cveId":"CVE-2025-62609","cweIds":["CWE-476"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Apple"],"affectedVendorsRaw":["MLX","Apple"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00089,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}