Primary

Context

NVIDIA Megatron-LM Code Injection Vulnerability in MSDP Preprocessing Script Allowing Privilege Escalation and Data Manipulation

Vulnerability

A code injection vulnerability has been identified in the NVIDIA Megatron-LM msdp preprocessing script, affecting all platforms. This vulnerability allows an attacker to inject malicious data, which could be exploited to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution, elevated privileges, information leakage, and unauthorized data modification.

Remediation

Users are advised to update to version 0.13.1 or 0.12.3 and later. The updated versions are available on the NVIDIA Megatron-LM GitHub releases page.

Added: Sep 24, 2025, 2:19 PM

Updated: Sep 24, 2025, 9:38 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.2

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA Megatron-LM Code Injection Vulnerability in MSDP Preprocessing Script Allowing Privilege Escalation and Data Manipulation

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating