NVIDIA NeMo Framework Code Injection Vulnerability in BERT Services Component

Vulnerability

A code injection vulnerability has been identified in the BERT services component of the NVIDIA NeMo Framework, affecting all platforms. This vulnerability allows an attacker to inject malicious data, which could be exploited to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. The issue arises from improper control of code generation, enabling attackers to manipulate the execution flow of the application.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution, privilege escalation, information disclosure, and data tampering.

Remediation

Users are advised to update to version 2.5.0 or later. The update is available on the NVIDIA GitHub releases page and through the Python Package Index (PyPI).

Added: Nov 11, 2025, 6:00 PM
Updated: Nov 11, 2025, 6:00 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 2.5
exploitability: 4.7
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.