Severity
Medium
Analysis Summary
CVE-2025-23260 CVSS:5
NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure.
CVE-2025-23265 CVSS:7.8
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.
CVE-2025-23264 CVSS:7.8
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering.
Impact
- Code Execution
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-23260
CVE-2025-23265
CVE-2025-23264
Affected Vendors
- NVIDIA
Affected Products
- NVIDIA AIStore
- NVIDIA Megatron LM
Remediation
Refer to NVIDIA Security Advisory for patch, upgrade, or suggested workaround information.