CVE-2025-23360Relative Path Traversal in Nvidia Nemo

CWE-23Relative Path Traversal3 documents3 sources
Severity
9.8CRITICALNVD
CNA7.1
EPSS
0.2%
top 63.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nvidia NemoNvidia Nemo Framework
Timeline
PublishedMar 11

Description

NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5nvidia/nemo_frameworkAll versions prior to 24.12
NVDnvidia/nemo< 24.12

🔴Vulnerability Details

2
GHSA
GHSA-3mw5-7hq7-6p5w: NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write2025-03-11
CVEList
CVE-2025-23360: NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write2025-03-11
CVE-2025-23360 — Relative Path Traversal in Nvidia Nemo | cvebase