CVE-2025-23304
published 2025-08-13CVE-2025-23304: NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | cbl2_wpa_supplicant_2.10-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_wpa_supplicant_2.10-1_on_cbl_mariner_1.0 | — | — |
| nvidia | nemo | < 2.3.2 | 2.3.2 |
| nvidia | nvidia_nemo_framework | — | — |