CVE-2025-23304
Published: 13 August 2025
Summary
CVE-2025-23304 is a high-severity Path Traversal (CWE-22) vulnerability in NVIDIA NeMo. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks in the top 24.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-23304 resides in the model loading component of the NVIDIA NeMo library on all platforms. It stems from insufficient validation of metadata in .nemo files, enabling code injection that can lead to remote code execution and data tampering. The flaw maps to CWE-22 and CWE-94 and carries a CVSS 3.1 base score of 7.8, reflecting a local attack vector, low complexity, and high impact on confidentiality, integrity, and availability.
An attacker with local access and the ability to cause a victim to load a malicious .nemo file can exploit the issue to inject and execute arbitrary code or alter data. No elevated privileges beyond standard user rights are required.
NVIDIA has published an advisory that addresses the vulnerability. Security practitioners should consult the vendor guidance at the referenced support portal for patch availability and recommended actions.
The associated EPSS score has remained low, reaching a peak of only 0.0147. The affected component is widely used in AI/ML workflows for loading trained models.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-24608
Vulnerability details
NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Malicious .nemo file loading enables user execution of crafted content (T1204.002) and Python code injection (T1059.006) via the vulnerable model loader.
Mitigating Controls (NIST 800-53 r5)
Directly mitigates the vulnerability by identifying, reporting, and applying patches or updates to the flawed model loading component in the NVIDIA NeMo library.
Enforces validation of metadata in .nemo files to block code injection from maliciously crafted inputs during model loading.
Performs integrity checks on .nemo model files to detect tampering or malicious modifications prior to loading, reducing risk of code injection exploitation.
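An added example, not NVIDIA's or this page's own code: a pre-load gate in the spirit of the integrity-check and input-validation controls above. It compares a .nemo file against a SHA-256 digest pinned when the model was obtained from a trusted source, then rejects archive members that are links or whose names could resolve outside the extraction directory. It relies on .nemo checkpoints being tar archives; the function names and sample member names are assumptions made for the illustration, and the check does not inspect the metadata values themselves, so it complements the vendor fix and does not replace it.

```python
import hashlib
import io
import os
import tarfile
import tempfile


def sha256_file(path):
    """Stream the file so a large checkpoint is never held in memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def unsafe_members(path):
    """Names of members that are links, special files, absolute, or contain '..'."""
    bad = []
    with tarfile.open(path, "r:*") as tar:
        for m in tar.getmembers():
            parts = m.name.replace("\\", "/").split("/")
            absolute = parts[0] == "" or ":" in parts[0]  # "/x" or "C:/x"
            if absolute or ".." in parts or not (m.isfile() or m.isdir()):
                bad.append(m.name)
    return bad


def preload_check(path, pinned_sha256):
    """Return reasons to refuse loading; an empty list means the gate passed."""
    if sha256_file(path) != pinned_sha256.lower():
        return ["digest mismatch"]  # stop here: do not parse an unverified file
    try:
        return ["unsafe member: " + name for name in unsafe_members(path)]
    except tarfile.TarError:
        return ["not a readable tar archive"]


def make_sample_archive(member_names):
    """Constructed sample input: a tiny tar with the given member names."""
    fd, path = tempfile.mkstemp(suffix=".nemo")
    os.close(fd)
    with tarfile.open(path, "w") as tar:
        for name in member_names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return path
```

Call preload_check before handing the path to the model loader and refuse to load whenever the returned list is not empty.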