Search criteria
26 vulnerabilities found for Megatron-LM by NVIDIA
CVE-2025-23357 (GCVE-0-2025-23357)
Vulnerability from cvelistv5 – Published: 2025-11-11 16:17 – Updated: 2025-11-14 17:41
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron-LM |
Affected:
All versions prior to 0.14.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T17:41:46.521995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T17:41:52.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All platforms"
],
"product": "Megatron-LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.14.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering."
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution, escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T16:17:18.904Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23357"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23357"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5712"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23357",
"datePublished": "2025-11-11T16:17:18.904Z",
"dateReserved": "2025-01-14T01:07:26.680Z",
"dateUpdated": "2025-11-14T17:41:52.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-23354 (GCVE-0-2025-23354)
Vulnerability from cvelistv5 – Published: 2025-09-24 13:14 – Updated: 2025-09-24 13:35
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron-LM |
Affected:
All versions prior to 0.13.1 and 0.12.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:34:50.834164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:35:06.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All platforms"
],
"product": "Megatron-LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.13.1 and 0.12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering."
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution,escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:14:14.483Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23354"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23354"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5698"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23354",
"datePublished": "2025-09-24T13:14:14.483Z",
"dateReserved": "2025-01-14T01:07:26.680Z",
"dateUpdated": "2025-09-24T13:35:06.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23353 (GCVE-0-2025-23353)
Vulnerability from cvelistv5 – Published: 2025-09-24 13:14 – Updated: 2025-09-24 13:36
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron-LM |
Affected:
All versions prior to 0.13.1 and 0.12.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:35:45.447857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:36:05.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All platforms"
],
"product": "Megatron-LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.13.1 and 0.12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering."
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution,escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:14:03.249Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23353"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23353"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5698"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23353",
"datePublished": "2025-09-24T13:14:03.249Z",
"dateReserved": "2025-01-14T01:07:26.680Z",
"dateUpdated": "2025-09-24T13:36:05.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23349 (GCVE-0-2025-23349)
Vulnerability from cvelistv5 – Published: 2025-09-24 13:13 – Updated: 2025-09-24 13:40
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron-LM |
Affected:
All versions prior to 0.13.1 and 0.12.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:36:53.692472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:40:17.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All platforms"
],
"product": "Megatron-LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.13.1 and 0.12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution,escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:13:51.189Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23349"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23349"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5698"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23349",
"datePublished": "2025-09-24T13:13:51.189Z",
"dateReserved": "2025-01-14T01:07:21.737Z",
"dateUpdated": "2025-09-24T13:40:17.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23348 (GCVE-0-2025-23348)
Vulnerability from cvelistv5 – Published: 2025-09-24 13:13 – Updated: 2025-09-24 13:57
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron-LM |
Affected:
All versions prior to 0.13.1 and 0.12.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:52:40.359542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:57:24.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All platforms"
],
"product": "Megatron-LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.13.1 and 0.12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution,escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:13:43.423Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23348"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23348"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5698"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23348",
"datePublished": "2025-09-24T13:13:43.423Z",
"dateReserved": "2025-01-14T01:07:21.737Z",
"dateUpdated": "2025-09-24T13:57:24.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23306 (GCVE-0-2025-23306)
Vulnerability from cvelistv5 – Published: 2025-08-13 17:35 – Updated: 2025-08-13 17:59
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/
arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron-LM |
Affected:
All versions prior to 0.12.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-13T17:58:45.828137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T17:59:02.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All platforms"
],
"product": "Megatron-LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/\narguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/\narguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution,escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T17:35:43.759Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23306"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23306"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5685"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23306",
"datePublished": "2025-08-13T17:35:43.759Z",
"dateReserved": "2025-01-14T01:06:27.218Z",
"dateUpdated": "2025-08-13T17:59:02.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23305 (GCVE-0-2025-23305)
Vulnerability from cvelistv5 – Published: 2025-08-13 17:35 – Updated: 2025-08-13 18:02
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron-LM |
Affected:
All versions prior to 0.12.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-13T18:02:44.200690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T18:02:56.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All platforms"
],
"product": "Megatron-LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution,escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T17:35:32.814Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23305"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23305"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5685"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23305",
"datePublished": "2025-08-13T17:35:09.438Z",
"dateReserved": "2025-01-14T01:06:27.218Z",
"dateUpdated": "2025-08-13T18:02:56.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23265 (GCVE-0-2025-23265)
Vulnerability from cvelistv5 – Published: 2025-06-24 15:29 – Updated: 2025-06-24 15:42
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron LM |
Affected:
All versions prior to 0.12.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23265",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:42:24.692323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:42:35.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Megatron LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering."
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution, escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:29:08.448Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5663"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23265",
"datePublished": "2025-06-24T15:29:08.448Z",
"dateReserved": "2025-01-14T01:06:23.291Z",
"dateUpdated": "2025-06-24T15:42:35.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23264 (GCVE-0-2025-23264)
Vulnerability from cvelistv5 – Published: 2025-06-24 15:21 – Updated: 2025-06-24 15:41
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron LM |
Affected:
All versions prior to 0.12.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:40:56.215413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:41:10.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Megatron LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution, escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:21:33.274Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5663"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23264",
"datePublished": "2025-06-24T15:21:33.274Z",
"dateReserved": "2025-01-14T01:06:23.291Z",
"dateUpdated": "2025-06-24T15:41:10.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23357 (GCVE-0-2025-23357)
Vulnerability from nvd – Published: 2025-11-11 16:17 – Updated: 2025-11-14 17:41
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron-LM |
Affected:
All versions prior to 0.14.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T17:41:46.521995Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T17:41:52.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All platforms"
],
"product": "Megatron-LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.14.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering."
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution, escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T16:17:18.904Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23357"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23357"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5712"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23357",
"datePublished": "2025-11-11T16:17:18.904Z",
"dateReserved": "2025-01-14T01:07:26.680Z",
"dateUpdated": "2025-11-14T17:41:52.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-23354 (GCVE-0-2025-23354)
Vulnerability from nvd – Published: 2025-09-24 13:14 – Updated: 2025-09-24 13:35
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron-LM |
Affected:
All versions prior to 0.13.1 and 0.12.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:34:50.834164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:35:06.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All platforms"
],
"product": "Megatron-LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.13.1 and 0.12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering."
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution,escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:14:14.483Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23354"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23354"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5698"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23354",
"datePublished": "2025-09-24T13:14:14.483Z",
"dateReserved": "2025-01-14T01:07:26.680Z",
"dateUpdated": "2025-09-24T13:35:06.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23353 (GCVE-0-2025-23353)
Vulnerability from nvd – Published: 2025-09-24 13:14 – Updated: 2025-09-24 13:36
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron-LM |
Affected:
All versions prior to 0.13.1 and 0.12.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:35:45.447857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:36:05.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All platforms"
],
"product": "Megatron-LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.13.1 and 0.12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering."
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution,escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:14:03.249Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23353"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23353"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5698"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23353",
"datePublished": "2025-09-24T13:14:03.249Z",
"dateReserved": "2025-01-14T01:07:26.680Z",
"dateUpdated": "2025-09-24T13:36:05.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23349 (GCVE-0-2025-23349)
Vulnerability from nvd – Published: 2025-09-24 13:13 – Updated: 2025-09-24 13:40
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron-LM |
Affected:
All versions prior to 0.13.1 and 0.12.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:36:53.692472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:40:17.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All platforms"
],
"product": "Megatron-LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.13.1 and 0.12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution,escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:13:51.189Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23349"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23349"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5698"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23349",
"datePublished": "2025-09-24T13:13:51.189Z",
"dateReserved": "2025-01-14T01:07:21.737Z",
"dateUpdated": "2025-09-24T13:40:17.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23348 (GCVE-0-2025-23348)
Vulnerability from nvd – Published: 2025-09-24 13:13 – Updated: 2025-09-24 13:57
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron-LM |
Affected:
All versions prior to 0.13.1 and 0.12.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T13:52:40.359542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:57:24.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All platforms"
],
"product": "Megatron-LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.13.1 and 0.12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution,escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T13:13:43.423Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23348"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23348"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5698"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23348",
"datePublished": "2025-09-24T13:13:43.423Z",
"dateReserved": "2025-01-14T01:07:21.737Z",
"dateUpdated": "2025-09-24T13:57:24.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23306 (GCVE-0-2025-23306)
Vulnerability from nvd – Published: 2025-08-13 17:35 – Updated: 2025-08-13 17:59
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/
arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron-LM |
Affected:
All versions prior to 0.12.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-13T17:58:45.828137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T17:59:02.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All platforms"
],
"product": "Megatron-LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/\narguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/\narguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution,escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T17:35:43.759Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23306"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23306"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5685"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23306",
"datePublished": "2025-08-13T17:35:43.759Z",
"dateReserved": "2025-01-14T01:06:27.218Z",
"dateUpdated": "2025-08-13T17:59:02.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23305 (GCVE-0-2025-23305)
Vulnerability from nvd – Published: 2025-08-13 17:35 – Updated: 2025-08-13 18:02
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron-LM |
Affected:
All versions prior to 0.12.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-13T18:02:44.200690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T18:02:56.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"All platforms"
],
"product": "Megatron-LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution,escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T17:35:32.814Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23305"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23305"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5685"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23305",
"datePublished": "2025-08-13T17:35:09.438Z",
"dateReserved": "2025-01-14T01:06:27.218Z",
"dateUpdated": "2025-08-13T18:02:56.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23265 (GCVE-0-2025-23265)
Vulnerability from nvd – Published: 2025-06-24 15:29 – Updated: 2025-06-24 15:42
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron LM |
Affected:
All versions prior to 0.12.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23265",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:42:24.692323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:42:35.320Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Megatron LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering."
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution, escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:29:08.448Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5663"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23265",
"datePublished": "2025-06-24T15:29:08.448Z",
"dateReserved": "2025-01-14T01:06:23.291Z",
"dateUpdated": "2025-06-24T15:42:35.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-23264 (GCVE-0-2025-23264)
Vulnerability from nvd – Published: 2025-06-24 15:21 – Updated: 2025-06-24 15:41
VLAI?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.
Severity ?
7.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NVIDIA | Megatron LM |
Affected:
All versions prior to 0.12.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-24T15:40:56.215413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:41:10.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux"
],
"product": "Megatron LM",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 0.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Code execution, escalation of privileges, information disclosure, data tampering"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T15:21:33.274Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5663"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2025-23264",
"datePublished": "2025-06-24T15:21:33.274Z",
"dateReserved": "2025-01-14T01:06:23.291Z",
"dateUpdated": "2025-06-24T15:41:10.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2025-23354
Vulnerability from fkie_nvd - Published: 2025-09-24 14:15 - Updated: 2025-10-10 18:24
Severity ?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@nvidia.com | https://nvd.nist.gov/vuln/detail/CVE-2025-23354 | Technical Description | |
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5698 | Vendor Advisory | |
| psirt@nvidia.com | https://www.cve.org/CVERecord?id=CVE-2025-23354 | Technical Description |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | megatron-lm | * | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40688FC1-A694-40A0-8867-533D75E3D663",
"versionEndExcluding": "0.12.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "88170FF5-D7DD-4A93-AAF2-F242D0424C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc0:*:*:*:*:*:*",
"matchCriteriaId": "56C05919-6676-46E1-8B24-BE6A036B0EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8CC73855-225F-470E-96CD-6E8B1E93DF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8E51E952-94AA-469B-AB40-999ADCBAE990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0DABFE13-C8B5-44E2-9F40-54853739A83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "63A13E74-658C-44C8-BEA4-D3465DA42B1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering."
}
],
"id": "CVE-2025-23354",
"lastModified": "2025-10-10T18:24:20.567",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
},
"published": "2025-09-24T14:15:49.170",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Technical Description"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23354"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5698"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Technical Description"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23354"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-23353
Vulnerability from fkie_nvd - Published: 2025-09-24 14:15 - Updated: 2025-10-10 18:21
Severity ?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@nvidia.com | https://nvd.nist.gov/vuln/detail/CVE-2025-23353 | Technical Description | |
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5698 | Vendor Advisory | |
| psirt@nvidia.com | https://www.cve.org/CVERecord?id=CVE-2025-23353 | Technical Description |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | megatron-lm | * | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40688FC1-A694-40A0-8867-533D75E3D663",
"versionEndExcluding": "0.12.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "88170FF5-D7DD-4A93-AAF2-F242D0424C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc0:*:*:*:*:*:*",
"matchCriteriaId": "56C05919-6676-46E1-8B24-BE6A036B0EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8CC73855-225F-470E-96CD-6E8B1E93DF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8E51E952-94AA-469B-AB40-999ADCBAE990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0DABFE13-C8B5-44E2-9F40-54853739A83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "63A13E74-658C-44C8-BEA4-D3465DA42B1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering."
}
],
"id": "CVE-2025-23353",
"lastModified": "2025-10-10T18:21:55.320",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
},
"published": "2025-09-24T14:15:49.000",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Technical Description"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23353"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5698"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Technical Description"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23353"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-23349
Vulnerability from fkie_nvd - Published: 2025-09-24 14:15 - Updated: 2025-10-10 18:24
Severity ?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@nvidia.com | https://nvd.nist.gov/vuln/detail/CVE-2025-23349 | Technical Description | |
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5698 | Vendor Advisory | |
| psirt@nvidia.com | https://www.cve.org/CVERecord?id=CVE-2025-23349 | Technical Description |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | megatron-lm | * | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40688FC1-A694-40A0-8867-533D75E3D663",
"versionEndExcluding": "0.12.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "88170FF5-D7DD-4A93-AAF2-F242D0424C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc0:*:*:*:*:*:*",
"matchCriteriaId": "56C05919-6676-46E1-8B24-BE6A036B0EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8CC73855-225F-470E-96CD-6E8B1E93DF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8E51E952-94AA-469B-AB40-999ADCBAE990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0DABFE13-C8B5-44E2-9F40-54853739A83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "63A13E74-658C-44C8-BEA4-D3465DA42B1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"id": "CVE-2025-23349",
"lastModified": "2025-10-10T18:24:05.753",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
},
"published": "2025-09-24T14:15:48.837",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Technical Description"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23349"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5698"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Technical Description"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23349"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-23348
Vulnerability from fkie_nvd - Published: 2025-09-24 14:15 - Updated: 2025-10-10 18:24
Severity ?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@nvidia.com | https://nvd.nist.gov/vuln/detail/CVE-2025-23348 | Technical Description | |
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5698 | Vendor Advisory | |
| psirt@nvidia.com | https://www.cve.org/CVERecord?id=CVE-2025-23348 | Technical Description |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | megatron-lm | * | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 | |
| nvidia | megatron-lm | 0.13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40688FC1-A694-40A0-8867-533D75E3D663",
"versionEndExcluding": "0.12.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "88170FF5-D7DD-4A93-AAF2-F242D0424C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc0:*:*:*:*:*:*",
"matchCriteriaId": "56C05919-6676-46E1-8B24-BE6A036B0EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8CC73855-225F-470E-96CD-6E8B1E93DF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8E51E952-94AA-469B-AB40-999ADCBAE990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0DABFE13-C8B5-44E2-9F40-54853739A83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:0.13.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "63A13E74-658C-44C8-BEA4-D3465DA42B1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
}
],
"id": "CVE-2025-23348",
"lastModified": "2025-10-10T18:24:13.447",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
},
"published": "2025-09-24T14:15:48.663",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Technical Description"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23348"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5698"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Technical Description"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23348"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-23306
Vulnerability from fkie_nvd - Published: 2025-08-13 18:15 - Updated: 2025-09-19 17:05
Severity ?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/
arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@nvidia.com | https://nvd.nist.gov/vuln/detail/CVE-2025-23306 | Technical Description | |
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5685 | Vendor Advisory | |
| psirt@nvidia.com | https://www.cve.org/CVERecord?id=CVE-2025-23306 | Technical Description |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | megatron-lm | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DCE9E29-E9C4-449E-B916-4C16C45E5F94",
"versionEndExcluding": "0.12.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/\narguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
},
{
"lang": "es",
"value": "NVIDIA Megatron-LM para todas las plataformas contiene una vulnerabilidad en el componente megatron/training/arguments.py que permite a un atacante causar un problema de inyecci\u00f3n de c\u00f3digo al proporcionar una entrada maliciosa. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo, la escalada de privilegios, la divulgaci\u00f3n de informaci\u00f3n y la manipulaci\u00f3n de datos."
}
],
"id": "CVE-2025-23306",
"lastModified": "2025-09-19T17:05:36.223",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
},
"published": "2025-08-13T18:15:30.387",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Technical Description"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23306"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5685"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Technical Description"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23306"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-23305
Vulnerability from fkie_nvd - Published: 2025-08-13 18:15 - Updated: 2025-09-19 17:05
Severity ?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@nvidia.com | https://nvd.nist.gov/vuln/detail/CVE-2025-23305 | Technical Description | |
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5685 | Vendor Advisory | |
| psirt@nvidia.com | https://www.cve.org/CVERecord?id=CVE-2025-23305 | Technical Description |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | megatron-lm | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DCE9E29-E9C4-449E-B916-4C16C45E5F94",
"versionEndExcluding": "0.12.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."
},
{
"lang": "es",
"value": "NVIDIA Megatron-LM para todas las plataformas contiene una vulnerabilidad en el componente de herramientas, donde un atacante podr\u00eda explotar un problema de inyecci\u00f3n de c\u00f3digo. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo, la escalada de privilegios, la divulgaci\u00f3n de informaci\u00f3n y la manipulaci\u00f3n de datos."
}
],
"id": "CVE-2025-23305",
"lastModified": "2025-09-19T17:05:48.740",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
},
"published": "2025-08-13T18:15:30.103",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Technical Description"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23305"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5685"
},
{
"source": "psirt@nvidia.com",
"tags": [
"Technical Description"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23305"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-23265
Vulnerability from fkie_nvd - Published: 2025-06-24 16:15 - Updated: 2025-10-01 19:44
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5663 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | megatron-lm | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A56AE39-D7D3-4462-A4D5-A440041FF2B7",
"versionEndExcluding": "0.12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering."
},
{
"lang": "es",
"value": "NVIDIA Megatron-LM para todas las plataformas contiene una vulnerabilidad en un componente de Python que permite a un atacante causar un problema de inyecci\u00f3n de c\u00f3digo al proporcionar un archivo malicioso. Explotar esta vulnerabilidad puede provocar ejecuci\u00f3n de c\u00f3digo, escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos."
}
],
"id": "CVE-2025-23265",
"lastModified": "2025-10-01T19:44:47.540",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@nvidia.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-24T16:15:26.183",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5663"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-23264
Vulnerability from fkie_nvd - Published: 2025-06-24 16:15 - Updated: 2025-10-01 19:44
Severity ?
Summary
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@nvidia.com | https://nvidia.custhelp.com/app/answers/detail/a_id/5663 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nvidia | megatron-lm | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:megatron-lm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A56AE39-D7D3-4462-A4D5-A440041FF2B7",
"versionEndExcluding": "0.12.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering."
},
{
"lang": "es",
"value": "NVIDIA Megatron-LM para todas las plataformas contiene una vulnerabilidad en un componente de Python que permite a un atacante causar un problema de inyecci\u00f3n de c\u00f3digo al proporcionar un archivo malicioso. Explotar esta vulnerabilidad puede provocar ejecuci\u00f3n de c\u00f3digo, escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos."
}
],
"id": "CVE-2025-23264",
"lastModified": "2025-10-01T19:44:44.340",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
},
"published": "2025-06-24T16:15:25.990",
"references": [
{
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
],
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5663"
}
],
"sourceIdentifier": "psirt@nvidia.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "psirt@nvidia.com",
"type": "Secondary"
}
]
}