Primary

Context

NVIDIA Megatron-LM Code Injection Vulnerability in Pretraining Script Allowing Code Execution and Privilege Escalation

Vulnerability

A code injection vulnerability has been identified in the NVIDIA Megatron-LM pretrain_gpt script, all platforms. This issue allows an attacker to inject malicious data that could be executed as code. Exploitation of this vulnerability could result in unauthorized code execution, elevated privileges, disclosure of sensitive information, and tampering with data.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution, escalation of privileges, disclosure of sensitive information, and unauthorized data modification.

Remediation

Users are advised to update to version 0.13.1 or 0.12.3 and later. This update is available on the NVIDIA Megatron-LM GitHub repository.

Added: Sep 24, 2025, 2:21 PM

Updated: Sep 24, 2025, 9:39 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA Megatron-LM Code Injection Vulnerability in Pretraining Script Allowing Code Execution and Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating