NVIDIA has released critical security patches addressing two high-severity vulnerabilities in its NeMo Framework that could allow attackers to execute arbitrary code and escalate privileges on affected systems.
The vulnerabilities affect all versions of the framework before 2.5.0, and users should update to 2.5.0 immediately.
| CVE ID | Description | CVSS Score | Severity |
|---|---|---|---|
| CVE-2025-23361 | Improper control of code generation in script component | 7.8 | High |
| CVE-2025-33178 | Code injection in BERT services component | 7.8 | High |
The first vulnerability, tracked as CVE-2025-23361, exists in a script component of the NeMo Framework where improper control of code generation allows attackers to inject malicious input.
If successfully exploited, this flaw enables complete code execution, privilege escalation, unauthorized information disclosure, and data tampering.
The second vulnerability, CVE-2025-33178, affects the BERT services component and introduces a code-injection vulnerability via malicious data.
Like its counterpart, successful exploitation leads to code execution, privilege escalation, information disclosure, and data manipulation.
Both vulnerabilities carry a CVSS v3.1 base score of 7.8 and are classified as High severity. They require local access and low privileges to exploit, meaning an authenticated attacker on the system can trigger these flaws without user interaction.
The vulnerabilities are rooted in improper input validation and code generation controls, categorized under CWE-94: Improper Control of Generation of Code.
The threat landscape for these vulnerabilities is particularly concerning because they enable a complete compromise of system integrity.
An attacker exploiting these flaws could gain unauthorized access to sensitive data, modify critical information, or use the compromised system as a foothold for lateral movement within an organization’s network.
NVIDIA recommends that all users of the NeMo Framework immediately update to version 2.5.0 or later.
The updated version is available on NVIDIA’s GitHub repository and PyPI package repository. Organizations using earlier branch releases should upgrade to the latest available branch release to ensure complete protection against these threats.
The vulnerabilities were discovered and reported by security researchers at TencentAISec and Guanheng Liu and Pinji Chen from the NISL lab at Tsinghua University, demonstrating the importance of responsible vulnerability disclosure in the AI and machine learning security community.
For organizations heavily invested in NVIDIA’s machine learning frameworks, this update is not optional.
The combination of high CVSS scores and the potential for complete system compromise makes immediate patching essential.
Security teams should prioritize testing and deploying version 2.5.0 in their environments and verify that all instances of the NeMo Framework are running the patched version.
Users concerned about their specific system risk should evaluate their deployment configurations against NVIDIA’s risk assessment framework, which accounts for the diversity of installed systems.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and set GBH as a Preferred Source in Google.