Megatron Lm
CVE-2025-23354
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.
AnalysisAI
NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering. Affected products include: Nvidia Megatron-Lm.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.
More in Megatron Lm
View allCVE-2025-23265 is a code injection vulnerability in NVIDIA Megatron-LM's Python component that allows local attackers wi
CVE-2025-23264 is a code injection vulnerability in NVIDIA Megatron-LM's Python component that allows local attackers wi
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a co
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an a
NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data crea
NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created b
NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today