Platform: python
Component: nvidia/megatron-lm
Fixed in: 0.12.1
CVE-2025-23265 describes a code injection vulnerability discovered in NVIDIA Megatron-LM, a framework for large language model training. An attacker can exploit this flaw by providing a malicious file, potentially leading to severe consequences including code execution and data compromise. This vulnerability affects all versions of Megatron-LM prior to 0.12.0. A patch has been released in version 0.12.0.
Successful exploitation of CVE-2025-23265 allows an attacker to inject and execute arbitrary code within the Megatron-LM environment. This could lead to complete system compromise, enabling the attacker to steal sensitive training data, modify model parameters, or even gain control of the underlying infrastructure. The potential for privilege escalation is significant, as the attacker could leverage the injected code to gain higher-level access. Data tampering could corrupt the training process, leading to biased or unreliable models. The blast radius extends to any system running vulnerable versions of Megatron-LM, particularly those involved in critical AI model development and deployment.
CVE-2025-23265 was published on 2025-06-24. The vulnerability's impact is amplified by the increasing reliance on large language models and the sensitivity of the data used to train them. Public proof-of-concept exploits are not currently available, but the potential for exploitation is considered medium due to the ease of file upload in many deployments. It is not currently listed on CISA KEV.
EPSS: 0.04% (12th percentile)
The primary mitigation for CVE-2025-23265 is to immediately upgrade to NVIDIA Megatron-LM version 0.12.0 or later. If upgrading is not immediately feasible, implement strict input validation on all files processed by Megatron-LM. Specifically, sanitize file names and content to prevent the injection of malicious code. Consider using a Web Application Firewall (WAF) to filter potentially harmful file uploads. Regularly review and update the Megatron-LM configuration to minimize the attack surface. After upgrading, verify the fix by attempting to upload a known malicious file and confirming that it is rejected or handled safely.
Upgrade NVIDIA Megatron-LM to version 0.12.0 or later. This fixes the code injection vulnerability. See the NVIDIA security advisory for more details.
CVE-2025-23265 is a code injection vulnerability affecting NVIDIA Megatron-LM versions before 0.12.0. An attacker can exploit this by providing a malicious file, potentially leading to code execution and data compromise.
You are affected if you are using NVIDIA Megatron-LM versions prior to 0.12.0. Upgrade immediately to mitigate the risk.
Upgrade to NVIDIA Megatron-LM version 0.12.0 or later. If immediate upgrade is not possible, implement strict input validation and consider using a WAF.
There are currently no confirmed reports of active exploitation, but the vulnerability's potential impact warrants immediate attention and remediation.
Refer to the NVIDIA security bulletin for detailed information and updates regarding CVE-2025-23265: [https://www.nvidia.com/en-us/security/cve/CVE-2025-23265](https://www.nvidia.com/en-us/security/cve/CVE-2025-23265)