CVE-2025-62608: CWE-122: Heap-based Buffer Overflow in ml-explore mlx
MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load() when parsing malicious NumPy .npy files. An attacker-controlled file causes a 13-byte out-of-bounds read, leading to a crash or information disclosure. This issue has been patched in version 0.29.4.
AI Analysis
Technical Summary
CVE-2025-62608 is a heap-based buffer overflow vulnerability identified in the mlx array framework, a machine learning library optimized for Apple silicon platforms. The vulnerability resides in the mlx::core::load() function responsible for parsing NumPy .npy files, a common data format in scientific computing and ML workflows. Specifically, when processing a maliciously crafted .npy file, mlx performs an out-of-bounds read of 13 bytes beyond the allocated heap buffer. This flaw is classified under CWE-122 (Heap-based Buffer Overflow). The consequence of this out-of-bounds read is twofold: it can cause the application to crash (denial of service) or leak sensitive memory contents (information disclosure). The vulnerability does not require any privileges, user interaction, or authentication, making it remotely exploitable by simply supplying a crafted file to the vulnerable mlx library. The affected versions are all mlx releases prior to 0.29.4, with the issue resolved in version 0.29.4. The CVSS v4.0 base score is 5.5 (medium severity), reflecting the limited impact scope and lack of integrity or availability compromise beyond crash and information leak. No known exploits have been reported in the wild, but the vulnerability poses a risk to systems that automatically load or process untrusted NumPy files using vulnerable mlx versions on Apple silicon hardware. Given the growing use of Apple silicon in ML environments, this vulnerability could be leveraged in targeted attacks against data science workflows or ML model pipelines.
Potential Impact
For European organizations, the primary impact of CVE-2025-62608 lies in potential denial of service and limited information disclosure within machine learning environments running on Apple silicon devices. Organizations relying on mlx for ML data processing could face application crashes disrupting workflows, leading to operational downtime or degraded service availability. The information disclosure risk, while limited to small memory leaks, could expose sensitive ML model parameters or proprietary data if exploited in a targeted manner. This could undermine intellectual property confidentiality or leak sensitive training data. The vulnerability is particularly relevant for sectors with advanced ML adoption such as finance, healthcare, and research institutions across Europe. Since exploitation requires supplying a malicious .npy file, environments that ingest external or user-generated ML data are at higher risk. However, the lack of privilege requirements and user interaction lowers the attack complexity. Prompt patching is essential to prevent exploitation and maintain the integrity and availability of ML workflows.
Mitigation Recommendations
European organizations should immediately update the mlx framework to version 0.29.4 or later to remediate this vulnerability. Additionally, organizations should implement strict validation and sanitization of all external NumPy .npy files before processing, including scanning for malformed or suspicious files. Employing application-level sandboxing or containerization for ML workloads can limit the blast radius of potential crashes or leaks. Monitoring ML pipeline logs for unexpected crashes or anomalies can help detect exploitation attempts. Restricting file input sources to trusted origins and enforcing strict access controls on ML data ingestion points will reduce exposure. For organizations unable to upgrade immediately, disabling automatic loading of untrusted .npy files or using alternative parsing libraries without this vulnerability can be considered. Finally, maintain up-to-date asset inventories to identify Apple silicon devices running vulnerable mlx versions to prioritize patching efforts.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland, Switzerland, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-10-16T19:24:37.268Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6920b9ca4429ea99a568886a
Added to database: 11/21/2025, 7:13:14 PM
Last enriched: 11/21/2025, 7:20:10 PM
Last updated: 11/22/2025, 1:12:57 PM