CVE-2025-23348
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-24
Last updated on: 2025-10-10
Assigner: NVIDIA Corporation
Description
Description
NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | megatron-lm | to 0.12.3 (exc) |
| nvidia | megatron-lm | 0.13.0 |
| nvidia | megatron-lm | 0.13.0 |
| nvidia | megatron-lm | 0.13.0 |
| nvidia | megatron-lm | 0.13.0 |
| nvidia | megatron-lm | 0.13.0 |
| nvidia | megatron-lm | 0.13.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
