关键漏洞信息 CVE-2025-23298 Detail 状态 Awaiting Analysis: This CVE record has been marked for NVD enrichment efforts. 描述 NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. 快速信息 CVE Dictionary Entry: CVE-2025-23298 NVD Published Date: 08/13/2025 NVD Last Modified: 08/14/2025 Source: NVIDIA Corporation 指标 CVSS Version 3.x Base Score: 7.8 HIGH Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 弱点枚举 CWE-ID: CWE-94 CWE Name: Improper Control of Generation of Code ('Code Injection') Source: NVIDIA Corporation 变更历史 1 change records found [show changes]