Code Injection Flaw in NVIDIA NeMo Library
CVE-2025-23304

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Nvidia Nemo Framework
Vendor: CVE Published:; 13 August 2025

What is CVE-2025-23304?

The NVIDIA NeMo library, utilized across various platforms, is susceptible to a code injection vulnerability within its model loading component. This flaw arises when .nemo files containing maliciously crafted metadata are loaded. If exploited, attackers could execute arbitrary code remotely, leading to potential data tampering and severe security implications for affected systems.

Affected Version(s)

NVIDIA NeMo Framework Windows All versions prior to 2.3.2

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23304

https://www.cve.org/CVERecord?id=CVE-2025-23304

https://nvidia.custhelp.com/app/answers/detail/a_id/5686

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2025
Vulnerability Reserved
Jan 14, 2025

Nvidia

What is CVE-2025-23304?

Affected Version(s)

References

CVSS V3.1

Timeline