Primary

Context

NVIDIA NeMo Framework Relative Path Traversal Vulnerability Leading to Code Execution

Vulnerability

Patched

A relative path traversal vulnerability has been identified in the NVIDIA NeMo Framework. This issue allows users to write arbitrary files, potentially leading to code execution and data tampering. The vulnerability affects all versions prior to 24.12 on Windows, Linux, and macOS.

Impact

Exploitation of this vulnerability could result in unauthorized code execution and manipulation of data within the application.

Remediation

Users are advised to upgrade to version 24.12 or later. The latest release can be downloaded from the NeMo-Framework-Launcher Releases page on GitHub.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

10.0

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

10.0

exploitability

4.7

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA NeMo Framework Relative Path Traversal Vulnerability Leading to Code Execution

Vulnerability

Impact

Remediation

Affected Products

NVIDIA NeMo Framework

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating