Primary

Context

NVIDIA NeMo Framework Code Injection Vulnerability Allowing Code Execution and Privilege Escalation

Vulnerability

Patched

A code injection vulnerability has been identified in the NVIDIA NeMo Framework, affecting all platforms and versions prior to 2.5.0. This vulnerability allows attackers to manipulate code generation processes, potentially leading to unauthorized code execution, elevated privileges, information disclosure, and data tampering.

Impact

Exploitation of this vulnerability could result in unauthorized code execution, escalation of privileges, unauthorized information disclosure, and unauthorized data modification.

Remediation

Users are advised to update to version 2.5.0 or later. The updated version is available on the NVIDIA GitHub releases page and through the Python Package Index (PyPI).

Added: Nov 11, 2025, 5:17 PM

Updated: Nov 11, 2025, 5:17 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

3.3

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

3.3

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA NeMo Framework Code Injection Vulnerability Allowing Code Execution and Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

NVIDIA NeMo Framework

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating