CVE-2025-23249

Published Apr 22, 2025

Last updated 2 months ago

CVSS high 7.6

Overview

Description
NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.
Source
psirt@nvidia.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.6
Impact score
4.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
Severity
HIGH

Weaknesses

psirt@nvidia.com
CWE-502

Social media

Hype score
Not currently trending

  1. ⚠️Vulnerabilidades en NVIDIA NeMo Framework ❗CVE-2025-23249 ❗CVE-2025-23250 ❗CVE-2025-23251 ➡️Más info: https://t.co/mlyy1koDqI https://t.co/s7ewdaO127

    @CERTpy

    28 Apr 2025

    89 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  2. NVIDIAの生成AI基盤「NeMo Framework」において、リモートコード実行の恐れがある深刻な脆弱性が3件(CVE-2025-23249〜23251)発見された。AIシステムの乗っ取りやデータ改ざんのリスクが指摘されている。

    @yousukezan

    24 Apr 2025

    518 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2025-23249 🔴 HIGH (7.6) 🏢 NVIDIA - NeMo Framework 🏗️ All versions prior to 25.02 🔗 https://t.co/ue9mjoGeER #CyberCron #VulnAlert #InfoSec https://t.co/R339ptKouX

    @cybercronai

    24 Apr 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-23249 NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vul… https://t.co/E8g3cN3YWj

    @CVEnew

    22 Apr 2025

    332 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.