CVE-2025-23250

CVE-2025-23250

Name

CVE-2025-23250

Description

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
psirt@nvidia.com	https://nvidia.custhelp.com/app/answers/detail/a_id/5641

Type

URI

psirt@nvidia.com

https://nvidia.custhelp.com/app/answers/detail/a_id/5641

Match rules

CPE URI	Source package	Min version	Max version
	nemo-framework	== All versions prior to 25.02	== All versions prior to 25.02
`cpe:2.3:a:nvidia:nemo::::::::`	nemo	>= None	< 25.02

CPE URI

Source package

Min version

Max version

nemo-framework

== All versions prior to 25.02

cpe:2.3:a:nvidia:nemo:*:*:*:*:*:*:*:*

nemo

>= None

< 25.02

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
nemo	edge-community	6.4.2-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable
nemo	edge-community	6.4.3-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable
nemo	edge-community	6.4.4-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable
nemo	edge-community	6.4.5-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable
nemo	edge-community	6.4.5-r1	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable
nemo	3.22-community	6.4.5-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

nemo

edge-community

6.4.2-r0

Hugo Osvaldo Barrera <hugo@whynothugo.nl>

possibly vulnerable

nemo

edge-community