NVIDIA NeMo Framework 反序列化漏洞 (CVE-2025-23303)

### 关键漏洞信息 - **CVE ID**: CVE-2025-23303 - **发布日期**: 2025-08-13 - **更新日期**: 2025-08-13 - **CNA**: NVIDIA Corporation #### 描述 NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering. #### CWE - CWE-502: Deserialization of Untrusted Data #### CVSS - **评分**: 7.8 - **严重性**: HIGH - **版本**: 3.1 - **向量字符串**: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H #### 影响产品 - **厂商**: NVIDIA - **产品**: NVIDIA NeMo Framework - **平台**: Windows, Linux, macOS - **受影响版本**: All versions prior to 2.3.2 #### 参考链接 - https://nvd.nist.gov/vuln/detail/CVE-2025-23303 - https://www.cve.org/CVERecord?id=CVE-2025-23303 - https://nvidia.custhelp.com/app/answers/detail/a_id/5686

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

NVIDIA NeMo Framework 反序列化漏洞 (CVE-2025-23303)

目标达成感谢每一位支持者 — 我们达成了 100% 目标！