EUVD-2025-208975
GHSA-wxjh-pc4c-7rjq
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Analysis
NVIDIA Megatron-LM contains a critical unsafe deserialization vulnerability (CWE-502) in its hybrid conversion script that allows remote code execution when a user loads a maliciously crafted file. The vulnerability affects NVIDIA Megatron-LM installations and enables attackers to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. With a CVSS score of 7.8 and local attack vector requiring low privileges and no user interaction, this represents a significant risk for organizations using this large language model training framework.
Technical Context
NVIDIA Megatron-LM is a deep learning framework specifically designed for training large-scale language models using model and data parallelism techniques. The vulnerability stems from unsafe deserialization (CWE-502) in the hybrid conversion script, which processes serialized data from files without proper validation. Unsafe deserialization occurs when an application deserializes untrusted data, allowing attackers to inject malicious objects that execute arbitrary code during the deserialization process. The affected product is identified via CPE cpe:2.3:a:nvidia:megatron_lm:*:*:*:*:*:*:*:*, indicating all versions are potentially vulnerable pending specific version restrictions from the vendor. This class of vulnerability is particularly dangerous in machine learning frameworks where model files and conversion scripts regularly handle serialized data structures.
Affected Products
NVIDIA Megatron-LM is affected by this vulnerability, as identified through the CPE string cpe:2.3:a:nvidia:megatron_lm:*:*:*:*:*:*:*:*. The asterisk wildcard in the version field suggests multiple or all versions may be vulnerable pending specific version information from NVIDIA. Organizations should consult the official NVIDIA security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5769 for precise version ranges and affected configurations. Megatron-LM is widely used in research institutions, AI development teams, and organizations training large-scale transformer models, making the affected user base significant within the machine learning community.
Remediation
Users should immediately consult the NVIDIA security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5769 for official patching guidance, version-specific remediation steps, and validated security updates for Megatron-LM. Until patches can be applied, organizations should implement strict controls on file sources used with the hybrid conversion script, restricting processing to only trusted model files from verified origins. Additional mitigations include implementing file integrity verification before processing conversion scripts, restricting file system permissions to prevent low-privileged users from writing to directories containing model conversion files, applying principle of least privilege to limit which users can execute the conversion script, and monitoring for suspicious deserialization activity. In shared computing environments, consider sandboxing or containerization with restricted privileges when running model conversion operations to limit potential impact of successful exploitation.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today