EXECUTIVE SUMMARY:
Two high-severity flaws were found in the NVIDIA NeMo AI framework, creating risks of code injection and unauthorized actions inside machine-learning pipelines. These issues allow an attacker to run harmful code, raise their privileges, access sensitive information, and change data. Both flaws stem from unsafe handling of user-controlled input inside core components of the framework. They affect all platforms, including local setups, shared systems, and cloud-based AI servers.
- CVE-2025-23361: This issue exists in a script that does not properly check attacker-controlled input. Because the script fails to validate dangerous or manipulated content, an attacker can influence how code is produced and executed. This can result in unauthorized code execution, unwanted privilege escalation, and exposure of private data. The flaw also allows attackers to adjust or tamper with internal files used in AI processes. It impacts all builds released before version 2.5.0.
- CVE-2025-33178: This weakness appears in the BERT services part of the framework, where harmful data can be crafted to trigger unsafe code injection. The component processes the data without proper checks, letting attackers plant and run harmful commands inside the system. The outcome includes the ability to execute code, increase privileges, steal information, or modify important machine-learning data.
RECOMMENDATION:
We strongly recommend you upgrade NeMo Framework to version 2.5.0 or later.
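To find environments that still need the upgrade, the following added example (not part of the original advisory or of NVIDIA's tooling) scans `pip freeze` output for pinned NeMo versions older than 2.5.0. It assumes NeMo is installed from PyPI as `nemo_toolkit`; the sample input is constructed, and treating a 2.5.0 pre-release as affected is a conservative choice made by this example.

```python
import re

FIXED = (2, 5, 0)     # first fixed release named in the advisory
PKG = "nemo-toolkit"  # assumption: NeMo's PyPI name, PEP 503-normalized
# pip-freeze pin: name, optional [extras], ==version
_LINE = re.compile(r"^\s*([A-Za-z0-9._-]+)(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")

def _norm(name):
    """PEP 503 normalization: runs of '-', '_' and '.' compare as one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_version(v):
    """Return (release_tuple, is_prerelease) for strings like 2.5.0rc1."""
    m = re.match(r"^v?(\d+(?:\.\d+)*)(.*)$", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))  # pad "2.4" to (2, 4, 0)
    pre = bool(re.match(r"^[._-]?(a|b|rc|alpha|beta|dev|pre)", m.group(2), re.I))
    return release, pre

def is_affected(version):
    """True if the version predates 2.5.0 (2.5.0 pre-releases included)."""
    release, pre = parse_version(version)
    return release < FIXED or (release == FIXED and pre)

def audit(freeze_text):
    """Return (line_no, version, affected) for every pinned NeMo entry."""
    findings = []
    for n, line in enumerate(freeze_text.splitlines(), 1):
        m = _LINE.match(line)
        if m and _norm(m.group(1)) == PKG:
            findings.append((n, m.group(2), is_affected(m.group(2))))
    return findings

# Constructed sample input, not taken from the advisory
SAMPLE = """\
numpy==1.26.4
nemo_toolkit[all]==2.4.0
NeMo-Toolkit==2.5.0rc1
nemo.toolkit==2.5.0
nemo_toolkit==2.6.1  # patched
"""

if __name__ == "__main__":
    for n, ver, bad in audit(SAMPLE):
        print(f"line {n}: nemo_toolkit {ver} -> {'AFFECTED, upgrade' if bad else 'ok'}")
```

Feed it the output of `pip freeze` from each training host or container image; entries installed from a source checkout or VCS URL are not pinned with `==` and need a separate check.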
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/high-severity-nvidia-nemo-framework-flaws-allow-code-injection-and-privilege-escalation-in-ai-pipelines/