CVE-2025-23304
Published: 13 August 2025
Summary
CVE-2025-23304 is a high-severity Path Traversal (CWE-22) vulnerability in Nvidia Nemo. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked in the top 36.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the vulnerability by identifying, reporting, and applying patches or updates to the flawed model loading component in the NVIDIA NeMo library.
Enforces validation of metadata in .nemo files to block code injection from maliciously crafted inputs during model loading.
Performs integrity checks on .nemo model files to detect tampering or malicious modifications prior to loading, reducing risk of code injection exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Malicious .nemo file loading enables user execution of crafted content (T1204.002) and Python code injection (T1059.006) via the vulnerable model loader.
NVD Description
NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code…
more
execution and data tampering.
Deeper analysisAI
CVE-2025-23304 is a vulnerability in the NVIDIA NeMo library across all platforms, specifically within the model loading component. It enables code injection when loading .nemo files with maliciously crafted metadata, potentially leading to remote code execution and data tampering. The issue is associated with CWE-22 (path traversal) and CWE-94 (code injection), earning a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. By convincing a user or process to load a malicious .nemo file, the attacker achieves high-impact effects on confidentiality, integrity, and availability, including arbitrary code execution within the affected process and data tampering.
Mitigation details are available in official advisories, including the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5686, the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2025-23304, and the CVE record at https://www.cve.org/CVERecord?id=CVE-2025-23304. Security practitioners should consult these for patching instructions and workarounds.
Details
- CWE(s)