NVIDIA NeMo Framework Code Injection Vulnerability in Export and Deploy Component

Vulnerability

A code injection vulnerability has been identified in the NVIDIA NeMo Framework, affecting all platforms. The issue arises in the export and deploy component, where an attacker can introduce malicious data that may be executed as code. Exploitation of this vulnerability could lead to unauthorized code execution, elevated privileges, disclosure of sensitive information, and manipulation of data.

Impact

Exploitation of this vulnerability could result in code execution, privilege escalation, unauthorized information access, and data alteration.

Remediation

Users are advised to upgrade to NVIDIA NeMo Framework version 2.4.0 or later. The latest version can be downloaded from the NVIDIA GitHub releases page or via PyPI.
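
One way to check an environment and its pinned requirements against the fixed release, as an added example that is not NVIDIA's code or part of the original advisory. It assumes the PyPI distribution is named nemo_toolkit; the helper names and the sample requirement lines are constructed for illustration.

```python
import re
from importlib import metadata

FIXED = "2.4.0"        # fixed release named in the advisory
DIST = "nemo_toolkit"  # assumption: PyPI distribution name for NeMo

_VER = re.compile(r"^(\d+(?:\.\d+)*)(?:[.\-_]?(a|b|rc|dev)\.?(\d*))?", re.I)
_PIN = re.compile(r"^\s*nemo[-_.]toolkit(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)", re.I)
_RANK = {"dev": 0, "a": 1, "b": 2, "rc": 3}  # all sort before the final release

def parse(version):
    """Return a sortable key: (release tuple, stage rank, stage number)."""
    m = _VER.match(version.strip().lstrip("vV"))
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = [int(p) for p in m.group(1).split(".")]
    while len(release) < 3:
        release.append(0)  # treat 2.4 as 2.4.0
    stage = _RANK[m.group(2).lower()] if m.group(2) else 4  # 4 = final release
    return (tuple(release), stage, int(m.group(3) or 0))

def is_patched(version):
    """True when version is the fixed release or later (2.4.0rc1 is not)."""
    return parse(version) >= parse(FIXED)

def audit_requirements(lines):
    """Return [(line_no, pinned_version)] for exact pins older than FIXED."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = _PIN.match(line)
        if m and not is_patched(m.group(1)):
            findings.append((n, m.group(1)))
    return findings

def installed_status():
    """'patched', 'vulnerable' or 'absent' for the current environment."""
    try:
        return "patched" if is_patched(metadata.version(DIST)) else "vulnerable"
    except metadata.PackageNotFoundError:
        return "absent"

# Constructed sample requirements file, not taken from any real project.
SAMPLE = ["torch==2.5.1", "nemo_toolkit[all]==2.3.2", "nemo-toolkit==2.4.0rc1",
          "nemo_toolkit==2.4.0  # fixed", "nemo-toolkit>=2.0"]

if __name__ == "__main__":
    for n, v in audit_requirements(SAMPLE):
        print(f"line {n}: nemo_toolkit {v} is older than {FIXED}")
    print("installed:", installed_status())
```

Only exact `==` pins are evaluated; range specifiers such as `>=2.0` still need to be resolved against what is actually installed, which `installed_status()` reports.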

Added: Aug 26, 2025, 7:17 PM
Updated: Aug 26, 2025, 7:17 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.