Platform: nvidia
Component: nemo
Fixed in: 2.3.3
CVE-2025-23304 affects the NVIDIA NeMo Framework, a library used for building and deploying conversational AI models. The vulnerability resides in the model loading component: an attacker can inject malicious code by supplying a specially crafted .nemo file containing harmful metadata. Successful exploitation could result in remote code execution and data tampering, impacting the integrity and confidentiality of AI models and related data. The vulnerability impacts all versions of NeMo Framework prior to 2.3.2, and a patch is available in version 2.3.2.
The primary impact of CVE-2025-23304 is remote code execution (RCE). When a malicious .nemo file with crafted metadata is loaded by the NeMo Framework, the attacker's code is executed on the system. This could allow the attacker to gain control of the system, steal sensitive data used in AI model training, or modify the AI model's behavior. The blast radius extends to any system that uses a vulnerable NeMo Framework version for model loading and deployment. This is particularly concerning in environments where NeMo is used to process sensitive user data or control critical infrastructure, as it could lead to significant data breaches and system compromise.
CVE-2025-23304 was publicly disclosed on August 13, 2025. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. It is recommended to monitor security advisories and threat intelligence feeds for any signs of active exploitation. This vulnerability highlights the importance of secure model loading practices in AI development and deployment.
Exploit Status
EPSS: 0.25% (48% percentile)
The primary mitigation for CVE-2025-23304 is to upgrade to NVIDIA NeMo Framework version 2.3.2 or later. This version includes a fix that prevents the code injection vulnerability. If upgrading immediately is not feasible, carefully scrutinize all .nemo files before loading them, especially those from untrusted sources. Consider implementing input validation to sanitize metadata within .nemo files. While a WAF is unlikely to directly address this vulnerability, network segmentation can limit the potential blast radius if a system is compromised. After upgrading, verify the fix by attempting to load a known malicious .nemo file (if available) and confirming that the code injection is prevented.
Upgrade the NVIDIA NeMo library to version 2.3.2 or later. This fixes the code injection vulnerability when loading .nemo files with malicious metadata.
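One way to do the pre-load scrutiny described above, as an added example (not NVIDIA's code and not the fix shipped in the patch). It assumes a .nemo file is a tar archive whose metadata is a YAML config with Hydra-style `_target_` keys naming classes to instantiate; this page does not say which metadata field is involved, and the allowlist and sample configs are constructed.

```python
import io
import re
import tarfile

# Assumption: exact class names this deployment expects in a model config.
ALLOWED_TARGETS = {
    "nemo.collections.asr.models.EncDecCTCModel",
    "nemo.collections.asr.modules.ConvASREncoder",
}
TARGET_RE = re.compile(r"""^\s*(?:-\s*)?_target_\s*:\s*['"]?([\w.]+)""")

def inspect_nemo(fileobj):
    """Return findings for a .nemo tar archive without extracting or loading it."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar.getmembers():
            name = member.name
            if name.startswith("/") or ".." in name.split("/"):
                findings.append(f"path escapes archive root: {name}")
            if not (member.isfile() or member.isdir()):
                findings.append(f"non-regular member: {name}")
            if member.isfile() and name.endswith((".yaml", ".yml")):
                text = tar.extractfile(member).read().decode("utf-8", "replace")
                for lineno, line in enumerate(text.splitlines(), 1):
                    if "!!python/" in line:  # PyYAML tag that builds Python objects
                        findings.append(f"{name}:{lineno}: python YAML tag")
                    match = TARGET_RE.match(line)
                    if match and match.group(1) not in ALLOWED_TARGETS:
                        findings.append(f"{name}:{lineno}: unlisted _target_ {match.group(1)}")
    return findings

def make_sample(config_text):
    """Build a constructed in-memory .nemo-style archive holding one config file."""
    buf = io.BytesIO()
    data = config_text.encode()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("model_config.yaml")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

# Constructed configs: one expected, one naming a class outside the allowlist.
EXPECTED = "_target_: nemo.collections.asr.models.EncDecCTCModel\nencoder:\n  _target_: nemo.collections.asr.modules.ConvASREncoder\n"
UNLISTED = "_target_: nemo.collections.asr.models.EncDecCTCModel\nencoder:\n  _target_: example_pkg.unexpected.Loader\n"

if __name__ == "__main__":
    for label, cfg in (("expected", EXPECTED), ("unlisted", UNLISTED)):
        print(label, inspect_nemo(make_sample(cfg)))
```

A check like this only narrows what reaches the loader; it complements the upgrade and does not replace it.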
CVE-2025-23304 is a vulnerability in NVIDIA NeMo Framework where malicious .nemo files can trigger code injection, potentially leading to remote code execution and data tampering.
You are affected if you are using NVIDIA NeMo Framework versions prior to 2.3.2. All versions before 2.3.2 are vulnerable to this code injection attack.
Upgrade to NVIDIA NeMo Framework version 2.3.2 or later to remediate the vulnerability. Carefully scrutinize .nemo files from untrusted sources.
Currently, there are no publicly available proof-of-concept exploits or confirmed reports of active exploitation, but monitoring is advised.
Refer to the NVIDIA security advisory for detailed information and updates regarding CVE-2025-23304: [https://www.nvidia.com/en-us/security/cve/CVE-2025-23304](https://www.nvidia.com/en-us/security/cve/CVE-2025-23304)