CVE-2025-23360

CVE-2025-23360

Name

CVE-2025-23360

Description

NVIDIA Nemo Framework contains a vulnerability where a user could cause a relative path traversal issue by arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
psirt@nvidia.com	https://nvidia.custhelp.com/app/answers/detail/a_id/5623

Type

URI

psirt@nvidia.com

https://nvidia.custhelp.com/app/answers/detail/a_id/5623

Match rules

CPE URI	Source package	Min version	Max version
	nemo-framework	== All versions prior to 24.12	== All versions prior to 24.12
`cpe:2.3:a:nvidia:nemo::::::::`	nemo	>= None	< 24.12

CPE URI

Source package

Min version

Max version

nemo-framework

== All versions prior to 24.12

cpe:2.3:a:nvidia:nemo:*:*:*:*:*:*:*:*

nemo

>= None

< 24.12

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
nemo	edge-community	6.4.2-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable
nemo	edge-community	6.4.3-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable
nemo	edge-community	6.4.4-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable
nemo	edge-community	6.4.5-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable
nemo	edge-community	6.4.5-r1	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable
nemo	3.22-community	6.4.5-r0	Hugo Osvaldo Barrera <hugo@whynothugo.nl>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

nemo

edge-community

6.4.2-r0

Hugo Osvaldo Barrera <hugo@whynothugo.nl>

possibly vulnerable

nemo

edge-community