NVIDIA released a security bulletin for NVIDIA® NeMo Curator addressing a high-severity vulnerability (CVE-2025-23307) that affects all prior versions of the Curator software.
The flaw, rooted in improper handling of user-supplied data, allows a maliciously crafted file to be processed by NeMo Curator, resulting in code injection and arbitrary code execution.
Successful exploitation can lead to unauthorized privilege escalation, disclosure of sensitive information, and data tampering.
This vulnerability is classified under CWE-94 (Improper Control of Generation of Code) and has been rated with a Base Score of 7.8 (High) using the CVSS v3.1 standard.
| CVE ID | Description | Base Score | Severity |
| --- | --- | --- | --- |
| CVE-2025-23307 | A malicious file processed by NeMo Curator could enable code injection, resulting in arbitrary code execution, privilege escalation, information disclosure, and data tampering. | 7.8 | High |
The attack complexity is low, and no user interaction is required once the malicious file is introduced. The scope remains unchanged, but the confidentiality, integrity, and availability impacts are all high.
NVIDIA advises all users running NeMo Curator on Windows, Linux, or macOS to apply the security update contained in Curator 25.07 immediately.
Earlier software branches are also affected and should likewise be upgraded to the latest maintained release. To install the patch, visit the official NVIDIA GitHub repository or the NVIDIA Product Security page.
Affected Products and Versions
| CVE ID | Affected Product | Platform(s) | Affected Versions | Updated Version |
| --- | --- | --- | --- | --- |
| CVE-2025-23307 | NVIDIA NeMo Curator | Windows, Linux, macOS | All versions prior to Curator 25.07 | Curator 25.07 |
This risk assessment reflects an average across various system configurations; organizations should evaluate their own risk based on deployment specifics.