{"id":"CVE-2025-23361","details":"NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.","modified":"2026-03-14T15:04:04.394346Z","published":"2025-11-11T17:15:41.260Z","references":[{"type":"ADVISORY","url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5718"},{"type":"ARTICLE","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23361"},{"type":"ARTICLE","url":"https://www.cve.org/CVERecord?id=CVE-2025-23361"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nvidia/nemo","events":[{"introduced":"0"},{"fixed":"ddcb2d6935045a556329f1afa653b8d918c36479"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.5.0"}]}}],"versions":["r0.8","v0.10.0","v0.10.1","v0.8.1","v0.8.2","v0.9.0","v1.0.0","v1.0.0b1","v1.0.0b2","v1.0.0rc1","v1.0.1","v1.0.2","v1.6.2","v2.2.0rc0","v2.2.0rc1","v2.5.0rc0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23361.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}