CVE-2025-23306

{"id": "CVE-2025-23306", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-08-13T18:15:30.387", "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23306", "tags": ["Technical Description"], "source": "psirt@nvidia.com"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5685", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-23306", "tags": ["Technical Description"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/\narguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering."}, {"lang": "es", "value": "NVIDIA Megatron-LM para todas las plataformas contiene una vulnerabilidad en el componente megatron/training/arguments.py que permite a un atacante causar un problema de inyecci\u00f3n de c\u00f3digo al proporcionar una entrada maliciosa. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo, la escalada de privilegios, la divulgaci\u00f3n de informaci\u00f3n y la manipulaci\u00f3n de datos."}], "lastModified": "2025-09-19T17:05:36.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:megatron-lm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DCE9E29-E9C4-449E-B916-4C16C45E5F94", "versionEndExcluding": "0.12.2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@nvidia.com"}