NVIDIA NeMo Framework 存在一个漏洞，攻击者可能通过任意文件写入导致路径名对受限目录的限制不当。成功利用此漏洞可能导致代码执行和数据篡改。

该漏洞允许攻击者通过任意文件写入绕过路径限制，从而可能执行恶意代码或篡改敏感数据。攻击者可以利用此漏洞上传恶意脚本，并在NeMo Framework环境中执行，从而获取对系统的控制权。此外，攻击者还可以修改或删除关键文件，导致系统崩溃或数据丢失。由于NeMo Framework通常用于处理大规模语言模型和语音数据，因此该漏洞可能导致敏感信息的泄露和滥用。攻击者可能利用此漏洞窃取训练数据、模型权重或其他敏感信息，并将其用于恶意目的。

Organizations utilizing NVIDIA NeMo Framework for machine learning model development, deployment, or inference are at risk. This includes research institutions, AI startups, and enterprises leveraging NeMo for natural language processing tasks. Specifically, deployments that rely on user-provided data or configurations without robust input validation are particularly vulnerable.

• python / framework: Inspect NeMo Framework application code for file writing operations. Look for instances where user-supplied input is directly used in file paths without proper sanitization.

import os

def write_file(filename, data):
    with open(filename, 'w') as f:
        f.write(data)

# Vulnerable code: filename is directly from user input
filename = input("Enter filename: ")
write_file(filename, "Some data")

• generic web: Monitor web server access logs for requests containing unusual or unexpected file paths within NeMo Framework application directories. Look for patterns indicative of directory traversal attempts. • generic web: Check for unexpected files appearing in NeMo Framework application directories, particularly files with unusual extensions or names.

1. 2025-04-22Disclosure

   disclosure

1. 已保留2025-01-14
2. 发布日期2025-04-22
3. 修改日期2026-02-26
4. EPSS 更新日期2026-03-23

修复此漏洞的首要措施是立即升级到NVIDIA NeMo Framework 25.02或更高版本。如果升级会造成系统中断，可以考虑回滚到之前的稳定版本，并实施额外的安全措施。例如，可以配置防火墙规则，限制对NeMo Framework服务的访问；或者使用Web应用防火墙（WAF）来检测和阻止恶意请求。此外，建议定期审查NeMo Framework的配置，确保其遵循最佳安全实践。升级后，请验证NeMo Framework的版本，确认已成功升级至修复版本。