NVIDIA NeMo Library Code Injection Vulnerability Leading to Remote Code Execution

Vulnerability

A code injection vulnerability has been identified in the NVIDIA NeMo library for all platforms, specifically within the model loading component. This issue allows an attacker to inject malicious code by loading .nemo files that contain carefully crafted metadata. Exploiting this vulnerability could result in remote code execution and unauthorized data modification.

Impact

Successful exploitation allows for remote code execution and data tampering.

Remediation

Users are advised to upgrade to the latest version of the NVIDIA NeMo Framework, version 2.3.2 or later. This update is available on the NVIDIA GitHub Releases page.
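The upgrade guidance above can be checked across dependency manifests. The following added example, which is not from the advisory or from NVIDIA, scans `pip freeze` or requirements.txt text for NeMo pins older than 2.3.2. It assumes the framework is installed from the PyPI distribution `nemo_toolkit`; the sample lines are constructed.

```python
import re

FIXED = (2, 3, 2)         # first fixed release, per the advisory
PACKAGE = "nemo-toolkit"  # assumption: NeMo's PyPI distribution name, normalized

# Constructed sample of `pip freeze` / requirements.txt lines.
SAMPLE = """\
numpy==1.26.4
nemo_toolkit[all]==2.3.1
NeMo-Toolkit==2.3.2
nemo.toolkit==2.3.2rc0
nemo_toolkit>=2.0
nemo_toolkit==2.4.0  # pinned after upgrade
"""

PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*"
                 r"(==|>=|<=|~=|!=|<|>)?\s*([^\s;#,]*)")
PRE = re.compile(r"[._-]?(a|b|rc|alpha|beta|pre|dev)", re.I)

def normalize(name):
    """PEP 503: case-insensitive, runs of '-', '_' and '.' are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def is_fixed(version):
    """True if an exact version is 2.3.2 final or any later release."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)$", version)
    if not m:
        return False
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))
    if release[:3] == FIXED and not any(release[3:]):
        return PRE.match(m.group(2)) is None  # 2.3.2rc0 / 2.3.2.dev1 predate the fix
    return release > FIXED

def audit(text):
    """Return (line_no, requirement, verdict) for each NeMo requirement line."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = PIN.match(line)
        if not m or normalize(m.group(1)) != PACKAGE:
            continue
        op, ver = m.group(2), m.group(3)
        if op == "==" and ver:
            verdict = "ok" if is_fixed(ver) else "vulnerable"
        else:
            verdict = "unpinned"  # range or bare name: check the resolved version
        findings.append((no, line.strip(), verdict))
    return findings
```

Call `audit()` on the text of each manifest or on captured `pip freeze` output; an "unpinned" verdict means the file alone cannot show which version is installed.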

Added: Aug 13, 2025, 9:43 PM
Updated: Aug 13, 2025, 9:43 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 5.0
exploitability: 4.7
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.