Nvidia Nemo vulnerabilities

CVE-2025-23313 [HIGH] CWE-94 CVE-2025-23313: NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicio NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVE-2025-23315 [HIGH] CWE-94 CVE-2025-23315: NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVE-2025-23304 [HIGH] CWE-22 CVE-2025-23304: NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering.

CVE-2025-23303 [HIGH] CWE-502 CVE-2025-23303: NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserial NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.

CVE-2025-23251 [HIGH] CWE-94 CVE-2025-23251: NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of gener NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.

CVE-2025-23249 [HIGH] CWE-502 CVE-2025-23249: NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrust NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.

CVE-2025-23250 [HIGH] CWE-22 CVE-2025-23250: NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering.

CVE-2025-23360 [HIGH] CWE-23 CVE-2025-23360: NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal is NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering.

CVE-2024-0129 [MEDIUM] CWE-22 CVE-2024-0129: NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering.

CVE-2024-0081 [HIGH] CWE-770 CVE-2024-0081: NVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may NVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may cause an allocation of resources without limits or throttling. A successful exploit of this vulnerability may lead to a server-side denial of service.

CVE-2022-22821 [LOW] CWE-22 CVE-2022-22821: NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lea NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.