NVIDIA released emergency security patches addressing two high-severity vulnerabilities in its Megatron LM large language model framework. These vulnerabilities, CVE-2025-23264 and CVE-2025-23265, affect all versions prior to 0.12.0. Exploitation of these flaws could allow attackers to execute code, escalate privileges, access data, and tamper with AI models through malicious file injection. The vulnerabilities were discovered by security researchers Yu Rong and Hao Fan and are classified under CWE-94 with a CVSS v3.1 base score of 7.8. NVIDIA urges immediate updates to version 0.12.1 or later to mitigate these risks.
Source: https://cybersecuritynews.com/nvidia-megatron-lm-vulnerability/
TPRM report: https://scoringcyber.rankiteo.com/company/nvidia
"id": "nvi900062525",
"linkid": "nvidia",
"type": "Vulnerability",
"date": "6/2025",
"severity": "50",
"impact": "",
"explanation": "Attack without any consequences: Attack in which data is not compromised"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'NVIDIA',
                        'type': 'Company'}],
 'attack_vector': 'Local access with low privileges needed to exploit '
                  'vulnerabilities via specially crafted files',
 'date_publicly_disclosed': '2025-06-24',
 'description': 'Critical security vulnerabilities in NVIDIA Megatron LM large '
                'language model framework that could allow attackers to inject '
                'malicious code and gain unauthorized system access.',
 'impact': {'systems_affected': 'AI infrastructure deployments'},
 'initial_access_broker': {'entry_point': 'Local system access with low '
                                          'privileges'},
 'post_incident_analysis': {'corrective_actions': 'Security update to address '
                                                  'both CVE-2025-23264 and '
                                                  'CVE-2025-23265',
                            'root_causes': 'Code injection weaknesses in '
                                           'Python components within the '
                                           'framework'},
 'recommendations': 'Users should upgrade to the latest version of Megatron LM '
                    'and review access controls and file handling procedures.',
 'references': [{'source': "NVIDIA's Product Security Incident Response Team "
                           '(PSIRT)'}],
 'response': {'remediation_measures': 'Immediate upgrade to Megatron LM '
                                      'version 0.12.1+'},
 'title': 'Critical Security Vulnerabilities in NVIDIA Megatron LM',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': ['CVE-2025-23264', 'CVE-2025-23265']}