CVE-2025-23303
Published: 13 August 2025
Summary
CVE-2025-23303 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Nvidia Nemo. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 12.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
NVIDIA NeMo Framework for all platforms is affected by CVE-2025-23303, a deserialization of untrusted data vulnerability tracked under CWE-502. The flaw permits an attacker to trigger remote code execution through crafted input, with a CVSS 3.1 base score of 7.8 reflecting high impact on confidentiality, integrity, and availability.
An authenticated local user with low privileges can exploit the issue without user interaction by supplying malicious serialized data to the framework. Successful exploitation results in arbitrary code execution and data tampering on the affected system.
The EPSS score remains flat at 0.0324 with no material increase after disclosure. Official details and updates are available in the NVIDIA security advisory and the NVD entry linked from the CVE record.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24609
Vulnerability details
NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unsafe deserialization enables local low-privileged arbitrary code execution, directly facilitating exploitation for privilege escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Flaw remediation directly mitigates the deserialization vulnerability by applying patches to prevent exploitation leading to code execution and data tampering.
Information input validation ensures untrusted data is checked before deserialization, directly preventing the unsafe deserialization attack vector.
Memory protection safeguards such as non-executable memory prevent arbitrary code execution resulting from deserialization exploits.