关键漏洞信息 CVE-2025-23354 Detail Description: NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifier script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. Metrics: CVSS Version 3.x Base Score: N/A (NVD assessment not yet provided) CNA Base Score: 7.8 HIGH Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Weakness Enumeration: CWE-ID: CWE-94 CWE Name: Improper Control of Generation of Code ('Code Injection') References: NVIDIA NVD Page NVIDIA Customer Support CVE Record Quick Info: CVE Dictionary Entry: CVE-2025-23354 NVD Published Date: 09/24/2025 NVD Last Modified: 09/24/2025 Source: NVIDIA Corporation