Primary

Context

NVIDIA NeMo Framework Path Traversal Vulnerability Leading to Arbitrary File Write and Potential Code Execution

Vulnerability

Patched

A vulnerability in NVIDIA NeMo Framework allows an attacker to bypass pathname restrictions, leading to arbitrary file writes. This could result in unauthorized code execution and data manipulation. The issue affects all versions prior to 25.02 on Windows, Linux, and macOS.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution and manipulation of data within the application.

Remediation

Users are advised to upgrade to version 25.02 or later. Instructions for downloading the latest release are available on the NVIDIA GitHub page.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

5.0

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

5.0

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA NeMo Framework Path Traversal Vulnerability Leading to Arbitrary File Write and Potential Code Execution

Vulnerability

Impact

Remediation

Affected Products

NVIDIA NeMo Framework

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating