Skip to main content

Nemo CVE-2025-23312

HIGH
Code Injection (CWE-94)
2025-08-26 psirt@nvidia.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:08 vuln.today
CVE Published
Aug 26, 2025 - 19:15 nvd
HIGH 7.8

DescriptionCVE.org

NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

AnalysisAI

NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. Affected products include: Nvidia Nemo.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

More in Nemo

View all
CVE-2025-23303 HIGH
7.8 Aug 13

NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted

CVE-2025-33245 HIGH
8.0 Feb 18

NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful expl

CVE-2025-23249 HIGH
7.6 Apr 22

NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote co

CVE-2025-33243 HIGH
7.8 Feb 18

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed enviro

CVE-2025-33252 HIGH
7.8 Feb 18

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit

CVE-2025-33241 HIGH
7.8 Feb 18

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciou

CVE-2025-23304 HIGH
7.8 Aug 13

NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could c

CVE-2025-33251 HIGH
7.8 Feb 18

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit

CVE-2025-33250 HIGH
7.8 Feb 18

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit

CVE-2025-33253 HIGH
7.8 Feb 18

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user

CVE-2025-33246 HIGH
7.8 Feb 18

NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause

CVE-2025-33249 HIGH
7.8 Feb 18

NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input

Share

CVE-2025-23312 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy