CVE-2025-23264

Source
https://cve.org/CVERecord?id=CVE-2025-23264
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23264.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-23264
Published
2025-06-24T15:21:33.274Z
Modified
2026-07-08T07:09:22.630366618Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.

Database specific
{
    "cna_assigner": "nvidia",
    "cwe_ids": [
        "CWE-94"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "All versions prior to 0.12.0"
                },
                {
                    "last_affected": "All versions prior to 0.12.0"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23264.json"
}
References

Affected packages

Git / github.com/nvidia/megatron-lm

Affected ranges

Type
GIT
Repo
https://github.com/nvidia/megatron-lm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.12.1"
        }
    ],
    "cpe": "cpe:2.3:a:nvidia:megatron-lm:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

23.*
23.04
23.06
25.*
25.04-alpha.rc1
NVLM-1.*
NVLM-1.0
core_v0.*
core_v0.12.0
core_v0.12.0rc2
core_v0.12.0rc3
Other
megatron-main-before-moe
v0.*
v0.12.0rc2
v0.12.0rc3
v1.*
v1.0
v2.*
v2.0
v2.5
v2.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23264.json"