CVE-2025-23303
published 2025-08-13CVE-2025-23303: NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | cbl2_wpa_supplicant_2.10-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_wpa_supplicant_2.10-1_on_cbl_mariner_1.0 | — | — |
| nvidia | nemo | < 2.3.2 | 2.3.2 |
| nvidia | nvidia_nemo_framework | — | — |