NVIDIA has issued a critical security update for its NeMo Framework, responding to two vulnerabilities identified as CVE-2025-23361 and CVE-2025-33178, both rated at a CVSS score of 7.8. These vulnerabilities could enable attackers to execute malicious code and elevate privileges on systems using versions prior to 2.5.0. The first vulnerability, CVE-2025-23361, involves improper control of code generation, allowing for potential exploitation through a framework script. The second, CVE-2025-33178, occurs in the Bert services component, facilitating code injection via malicious data.
Both flaws require only local access with low privileges, which raises the risk for organizations still running earlier versions. Security researchers from TencentAISec and Tsinghua University’s NISL lab reported these vulnerabilities, underscoring the need for collaborative research in security. Organizations are urged to upgrade to version 2.5.0 or higher to mitigate the risks associated with these vulnerabilities. Immediate action is recommended for those using affected versions, regardless of platform.
👉 Read the original: Cyber Security News