NVIDIA NeMo Path Traversal Leading to RCE (CVE-2025-23304)

## Critical Vulnerability Information ### CVE-2025-23304 Detail #### Description The NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component. An attacker could trigger code injection by loading .nemo files containing maliciously crafted metadata. Successful exploitation of this vulnerability may result in remote code execution and data tampering. #### Metrics - **CVSS Version 3.x** - Base Score: 7.8 HIGH - Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H - **CVSS Version 2.0** - NVD assessment not yet provided. #### References to Advisories, Solutions, and Tools - [NVIDIA Corporation](https://nvd.nist.gov/vuln/detail/CVE-2025-23304) - [NVIDIA Corporation](https://nvidia.custhelp.com/app/answers/detail/a_id/5986) - [CVE Record](https://www.cve.org/CVERecord?id=CVE-2025-23304) #### Weakness Enumeration - **CWE-ID**: CWE-22 - **CWE Name**: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') #### Change History 1 change record found.

Goal Reached Thanks to every supporter — we hit 100%!

NVIDIA NeMo Path Traversal Leading to RCE (CVE-2025-23304)