Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

NeMo Framework

Source -

CNA

CNA CVEs -

8

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
8Vulnerabilities found
CVE-2025-23315
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-26 Aug, 2025 | 18:30
Updated-26 Aug, 2025 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NeMo Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23314
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-26 Aug, 2025 | 18:30
Updated-26 Aug, 2025 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NeMo Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23313
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-26 Aug, 2025 | 18:30
Updated-26 Aug, 2025 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NeMo Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23312
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-Not Assigned
Published-26 Aug, 2025 | 18:29
Updated-26 Aug, 2025 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NeMo Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23251
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.6||HIGH
EPSS-0.17% / 38.11%
||
7 Day CHG+0.05%
Published-22 Apr, 2025 | 15:42
Updated-23 Apr, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NeMo Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23250
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.6||HIGH
EPSS-0.09% / 25.86%
||
7 Day CHG+0.02%
Published-22 Apr, 2025 | 15:35
Updated-23 Apr, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NeMo Framework
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-23249
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.6||HIGH
EPSS-0.35% / 56.49%
||
7 Day CHG+0.15%
Published-22 Apr, 2025 | 15:30
Updated-23 Apr, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NeMo Framework
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-23360
Assigner-NVIDIA Corporation
ShareView Details
Assigner-NVIDIA Corporation
CVSS Score-7.1||HIGH
EPSS-0.02% / 4.87%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 19:44
Updated-11 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NeMo Framework
CWE ID-CWE-23
Relative Path Traversal