CVE-2025-23357 Detail Quick Info CVE Dictionary Entry: CVE-2025-23357 NVD Published Date: 11/11/2025 NVD Last Modified: 11/11/2025 Source: NVIDIA Corporation Description NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering. Metrics CVSS 3.x Severity and Vector Strings: - Base Score: 7.8 HIGH - Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References NVD Detail NVIDIA Support CVE Record Weakness Enumeration CWE-ID: CWE-94 CWE Name: Improper Control of Generation of Code ('Code Injection') Source: NVIDIA Corporation