Primary

Context

NVIDIA NeMo Framework Remote Code Execution Vulnerability

Vulnerability

Patched

A remote code execution vulnerability has been identified in the NVIDIA NeMo Framework. This issue allows users to improperly control the generation of code, potentially leading to unauthorized code execution and data tampering. The vulnerability affects all versions prior to 25.02 on Windows, Linux, and macOS.

Impact

Exploitation of this vulnerability could result in arbitrary code execution and unauthorized modification of data.

Remediation

Users are advised to upgrade to version 25.02 of the NVIDIA NeMo Framework. This update is available on the NVIDIA GitHub page. For those using an earlier branch release, it is recommended to upgrade to the latest branch release.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

10.0

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

10.0

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA NeMo Framework Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

NVIDIA NeMo Framework

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating