Nemo
CVE-2025-23315
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
AnalysisAI
NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. Affected products include: Nvidia Nemo.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.
NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful expl
NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote co
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed enviro
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciou
NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could c
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user
NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause
NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today