NVIDIA NeMo AI Curator Vulnerability Allows Code Execution and Privilege Escalation

NVIDIA released a security bulletin for NVIDIA® NeMo Curator addressing a high-severity vulnerability (CVE-2025-23307) that affects all prior versions of the Curator software.

The flaw, rooted in improper handling of user-supplied files, allows a maliciously crafted file to be processed by NeMo Curator, leading to code injection and arbitrary code execution.

Successful exploitation can result in unauthorized privilege escalation, disclosure of sensitive information, and data tampering.

This vulnerability is classified under CWE-94 (Improper Control of Generation of Code) and has been rated with a Base Score of 7.8 (High) using the CVSS v3.1 standard.

| CVE ID | Description | Base Score | Severity |
|---|---|---|---|
| CVE-2025-23307 | A malicious file processed by NeMo Curator may allow code injection, leading to arbitrary code execution, privilege escalation, information disclosure, and data tampering. | 7.8 | High |

The attack complexity is low, and no user interaction is required once the malicious file is introduced. The execution scope remains unchanged, but the confidentiality, integrity, and availability impacts are all high.
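
The metrics stated above leave two CVSS v3.1 base metrics unnamed: Attack Vector (AV) and Privileges Required (PR). The Python below is an added example, not part of NVIDIA's bulletin; it applies the CVSS v3.1 base-score equations to the stated metrics and lists which AV/PR combinations reproduce the published 7.8, a useful starting point when rescoring for a specific deployment.

```python
import math
from itertools import product

# CVSS v3.1 metric weights, from the FIRST CVSS v3.1 specification.
AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}
PR_UNCHANGED = {"N": 0.85, "L": 0.62, "H": 0.27}  # PR weights when Scope is Unchanged
# Metrics the article states: AC:L, UI:N, and C/I/A all High.
AC_LOW, UI_NONE, CIA_HIGH = 0.77, 0.85, 0.56


def roundup(x):
    """CVSS v3.1 Roundup: smallest one-decimal value >= x, safe against float noise."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0


def base_score(av, pr):
    """Base score for AC:L/UI:N/S:U/C:H/I:H/A:H with the given AV and PR."""
    iss = 1 - (1 - CIA_HIGH) ** 3            # impact sub-score base
    impact = 6.42 * iss                      # formula for Scope Unchanged
    exploitability = 8.22 * AV[av] * AC_LOW * PR_UNCHANGED[pr] * UI_NONE
    return roundup(min(impact + exploitability, 10))


def vectors_matching(score):
    """Vector strings consistent with the stated metrics and the given score."""
    return [
        f"CVSS:3.1/AV:{av}/AC:L/PR:{pr}/UI:N/S:U/C:H/I:H/A:H"
        for av, pr in product(AV, PR_UNCHANGED)
        if base_score(av, pr) == score
    ]


if __name__ == "__main__":
    # Show every candidate, then the ones that reproduce the published score.
    for av, pr in product(AV, PR_UNCHANGED):
        print(f"AV:{av} PR:{pr} -> {base_score(av, pr)}")
    print("Matches 7.8:", vectors_matching(7.8))
```

Of the twelve combinations, only local attack vector with low privileges required yields 7.8 under these equations.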

NVIDIA advises all users operating NeMo Curator on Windows, Linux, or macOS to apply the security update contained in Curator 25.07 without delay.

Earlier software branches are also impacted and should similarly be upgraded to the latest maintained release. To install the patch, visit the official NVIDIA GitHub repository or the NVIDIA Product Security page.

Affected Products and Versions

| CVE ID | Affected Product | Platform(s) | Affected Versions | Updated Version |
|---|---|---|---|---|
| CVE-2025-23307 | NVIDIA NeMo Curator | Windows, Linux, macOS | All versions prior to Curator 25.07 | Curator 25.07 |

This risk assessment reflects an average across various system configurations; organizations should evaluate their own risk based on deployment specifics.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.