CVE-2025-23249

CVE-2025-23249

Name

CVE-2025-23249

Description

NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
psirt@nvidia.com	https://nvidia.custhelp.com/app/answers/detail/a_id/5641

Type

URI

psirt@nvidia.com

https://nvidia.custhelp.com/app/answers/detail/a_id/5641

Match rules

CPE URI	Source package	Min version	Max version
	nemo-framework	== All versions prior to 25.02	== All versions prior to 25.02
`cpe:2.3:a:nvidia:nemo::::::::`	nemo	>= None	< 25.02

CPE URI

Source package

Min version

Max version

nemo-framework

== All versions prior to 25.02

cpe:2.3:a:nvidia:nemo:*:*:*:*:*:*:*:*

nemo

>= None

< 25.02

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
nemo	edge-community	6.4.2-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable
nemo	edge-community	6.4.3-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable
nemo	edge-community	6.4.4-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable
nemo	edge-community	6.4.5-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable
nemo	edge-community	6.4.5-r1	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable
nemo	3.22-community	6.4.5-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

nemo

edge-community

6.4.2-r0

Hugo Osvaldo Barrera <hugo@whynothugo.nl>

possibly vulnerable

nemo

edge-community