Megatron Lm
CVE-2025-23349
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
AnalysisAI
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. Affected products include: Nvidia Megatron-Lm.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.
More in Megatron Lm
View allCVE-2025-23265 is a code injection vulnerability in NVIDIA Megatron-LM's Python component that allows local attackers wi
CVE-2025-23264 is a code injection vulnerability in NVIDIA Megatron-LM's Python component that allows local attackers wi
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a co
NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data crea
NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data crea
NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created b
NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today