### Key Vulnerability Information

#### Vulnerability Details

| CVE ID | Description | Vector | Base Score | Severity | CWE | Impact |
|--------|-------------|--------|------------|----------|-----|--------|
| CVE-2025-23303 | NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability may lead to remote code execution and data tampering. | AV:LOCAL/PR:LOW/UI:N/S:C/C:H/I:H/A:H | 7.8 | High | CWE-502 | Code execution, data tampering |
| CVE-2025-23304 | NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading stereo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering. | AV:LOCAL/PR:LOW/UI:N/S:C/C:H/I:H/A:H | 7.8 | High | CWE-94 | Code execution, data tampering |

#### Security Updates

| CVE ID | Affected Product | Platform or OS | Affected Versions | Updated Version |
|--------|------------------|----------------|-------------------|-----------------|
| CVE-2025-23303, CVE-2025-23304 | NVIDIA NeMo Framework | Windows, Linux, macOS | All versions prior to 2.3.2 | 2.3.2 |

#### Notes

- Earlier software branch releases are also affected. If you are using an earlier branch release, upgrade to the latest branch release.

#### Acknowledgements

- Thanks to Peng Zhou of Shanghai University for reporting CVE-2025-23303.
- Thanks to Ali Islam of Palo Alto Networks for reporting CVE-2025-23304.