NVIDIA NeMo Framework Untrusted Data Deserialization Vulnerability (CVE-2025-23303)

### Critical Vulnerability Information - **CVE ID**: CVE-2025-23303 - **Release Date**: 2025-08-13 - **Update Date**: 2025-08-13 - **CNA**: NVIDIA Corporation #### Description NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause deserialization of untrusted data via remote code execution. A successful exploitation of this vulnerability might result in code execution and data tampering. #### CWE - CWE-502: Deserialization of Untrusted Data #### CVSS - **Score**: 7.8 - **Severity**: HIGH - **Version**: 3.1 - **Vector String**: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H #### Affected Products - **Vendor**: NVIDIA - **Product**: NVIDIA NeMo Framework - **Platforms**: Windows, Linux, macOS - **Affected Versions**: All versions prior to 2.3.2 #### References - https://nvd.nist.gov/vuln/detail/CVE-2025-23303 - https://www.cve.org/CVERecord?id=CVE-2025-23303 - https://nvidia.custhelp.com/app/answers/detail/a_id/5686

Goal Reached Thanks to every supporter — we hit 100%!

NVIDIA NeMo Framework Untrusted Data Deserialization Vulnerability (CVE-2025-23303)