AVID-2026-R1665
Description
Vulnerability CVE-2025-23360
Details
NVIDIA NeMo Framework contains a vulnerability where a user could cause a relative path traversal issue through an arbitrary file write. A successful exploit of this vulnerability may lead to code execution and data tampering.
Reason for inclusion in AVID: CVE-2025-23360 describes a relative path traversal vulnerability in NVIDIA NeMo Framework that can lead to code execution and data tampering. NeMo is an AI framework used to build, train, deploy, and run AI systems, making this a software supply-chain issue within AI pipelines. The flaw is exploitable locally with low attack complexity and requires user interaction, representing a security/safety vulnerability with potential integrity and availability impact. The report provides explicit vulnerability behavior and references.
References
Affected or Relevant Artifacts
- Developer: NVIDIA
- Deployer: NVIDIA
- Artifact Details:
| Type | Name |
|---|---|
| System | NeMo Framework |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Metric | Value |
|---|---|
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
| Base Score | 7.1 |
| Base Severity | 🔴 High |
| Attack Vector | LOCAL |
| Attack Complexity | 🟢 Low |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | 🔴 High |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-23 | CWE-23: Relative Path Traversal |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2025-03-11
- Version: 0.3.3