Primary

Context

NVIDIA Megatron-LM Code Injection Vulnerability in Ensemble Classifier Script Allowing Privilege Escalation and Data Manipulation

Vulnerability

A code injection vulnerability has been identified in the ensemble_classifier script of NVIDIA Megatron-LM, affecting all platforms. This vulnerability allows an attacker to inject malicious data, which could be exploited to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution, elevated privileges, unauthorized information access, and data manipulation.

Remediation

Users are advised to update to version 0.13.1 or 0.12.3 and later. The updated versions are available on the NVIDIA Megatron-LM GitHub releases page.

Added: Sep 24, 2025, 2:18 PM

Updated: Sep 24, 2025, 9:37 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.2

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

5.2

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA Megatron-LM Code Injection Vulnerability in Ensemble Classifier Script Allowing Privilege Escalation and Data Manipulation

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating