NVIDIA NeMo Framework Deserialization Vulnerability Leading to Remote Code Execution

Vulnerability

A deserialization vulnerability allowing remote code execution has been identified in the NVIDIA NeMo Framework, affecting all platforms. The issue arises from the framework's handling of untrusted data: the flaw could be exploited to execute arbitrary code and manipulate data.

Impact

Exploitation of this vulnerability could result in unauthorized code execution and unauthorized data modification.

Remediation

Users are advised to upgrade to the latest version of the NVIDIA NeMo Framework, available on the NVIDIA GitHub Releases page. For more information, visit the NVIDIA Product Security page.

Added: Aug 13, 2025, 9:45 PM
Updated: Aug 13, 2025, 9:45 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 10.0
exploitability: 3.3
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.