Primary

Context

NVIDIA NeMo Framework Code Injection Vulnerability Allowing Arbitrary Code Execution and Privilege Escalation

Vulnerability

Patched

A code injection vulnerability has been identified in NVIDIA NeMo Framework, affecting all platforms and versions prior to 2.5.3. This vulnerability allows malicious data created by an attacker to be injected, potentially leading to arbitrary code execution, escalation of privileges, unauthorized information disclosure, and data tampering.

Impact

Exploitation of this vulnerability could result in arbitrary code execution, unauthorized privilege escalation, information disclosure, and data tampering.

Remediation

Users are advised to update to version 2.5.3 or later. The updated version is available on the NVIDIA NeMo Framework GitHub releases page and on PyPI.

Added: Dec 16, 2025, 7:18 PM

Updated: Dec 16, 2025, 7:18 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

7.5

exploitability

4.7

remediation

7.7

relevance

1.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

7.5

exploitability

4.7

remediation

7.7

relevance

1.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA NeMo Framework Code Injection Vulnerability Allowing Arbitrary Code Execution and Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

NVIDIA NeMo Framework

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating