NVIDIA NeMo Framework Code Injection Vulnerability in NLP Component

Vulnerability

A code injection vulnerability has been identified in the NVIDIA NeMo Framework's NLP component, affecting all platforms. This issue allows an attacker to inject malicious data, which could be exploited to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. The vulnerability arises from improper control over code generation, enabling injected data to be executed as code.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution, privilege escalation, information disclosure, and data manipulation.

Remediation

Users are advised to upgrade to NVIDIA NeMo Framework version 2.4.0 or later. The latest version can be downloaded from the NVIDIA GitHub releases page or via PyPI.
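To check a project against this remediation, the added example below (not NVIDIA's code and not part of the original advisory) audits requirements-file lines for NeMo pins or ranges that still admit releases below 2.4.0. The distribution name nemo-toolkit, the verdict labels, and the sample lines are assumptions constructed for illustration; pre-releases of 2.4.0 are conservatively treated as below the fix.

```python
import re

FIXED = (2, 4, 0)         # first fixed release, per the advisory
PACKAGE = "nemo-toolkit"  # assumption: PyPI distribution name of NeMo Framework
SPEC = re.compile(r"(==|~=|>=|<=|<|>)\s*(\d+(?:\.\d+)*)(\.?[A-Za-z]\w*)?")

def normalize(name):
    # PEP 503: nemo_toolkit, NeMo.Toolkit and nemo-toolkit name the same project
    return re.sub(r"[-_.]+", "-", name).lower()

def release(text):
    # "2.3" -> (2, 3, 0); only the numeric release segment is compared
    nums = [int(p) for p in text.split(".")]
    return tuple(nums + [0] * (3 - len(nums)))[:3]

def verdict(spec_text):
    floor_ok = False
    for op, num, suffix in SPEC.findall(spec_text):
        ver = release(num)
        pre = bool(suffix) and "post" not in suffix.lower()  # rc/dev/alpha/beta
        below = ver < FIXED or (ver == FIXED and pre)
        if op == "==" and below:
            return "below-fix"           # exact pin to a release before 2.4.0
        if (op == "<" and ver <= FIXED) or (op == "<=" and below):
            return "below-fix"           # upper bound excludes every fixed release
        if op in ("==", ">=", "~=", ">") and not below:
            floor_ok = True              # lower bound is at or above the fix
    return "ok" if floor_ok else "range-admits-below-fix"

def audit(lines):
    findings = []
    for lineno, raw in enumerate(lines, 1):
        # Drop trailing comments and environment markers before parsing
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?(.*)", line)
        if m and normalize(m.group(1)) == PACKAGE:
            findings.append((lineno, line, verdict(m.group(2))))
    return findings

# Constructed sample requirements file (not taken from any real project)
SAMPLE = """\
torch==2.5.1
nemo_toolkit[nlp]==2.3.2        # exact pin below the fix
NeMo-Toolkit>=2.0,<3            # floor too low
nemo.toolkit[all]>=2.4.0
nemo_toolkit==2.4.0rc1 ; python_version >= "3.10"
""".splitlines()

if __name__ == "__main__":
    for lineno, req, result in audit(SAMPLE):
        print(f"line {lineno}: {req:30} {result}")
```

A "range-admits-below-fix" result means the resolver is free to install a release older than 2.4.0; raising the lower bound to 2.4.0 closes that gap.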

Added: Aug 26, 2025, 7:18 PM
Updated: Aug 26, 2025, 7:18 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 10.0
exploitability: 4.7
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.