Severity
Medium
Analysis Summary
CVE-2025-23253 CVSS:2.5
NVIDIA NvContainer service for Windows has a security weakness related to OpenSSL usage. An attacker could potentially exploit this vulnerability by placing a malicious DLL in a specific predefined path. If successfully exploited, this vulnerability could allow dangerous actions like code execution, disrupting system operations, gaining higher system access, revealing sensitive information, or modifying data.
CVE-2025-23249 CVSS:7.6
NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.
CVE-2025-23251 CVSS:7.6
NVIDIA NeMo Framework has a remote code execution vulnerability that allows a user to improperly control code generation. If exploited successfully, this security issue could potentially result in unauthorized code execution and the manipulation of data.
CVE-2025-23250 CVSS:7.6
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering.
Impact
- Privilege Escalation
- Code Execution
- Denial of Service
- Data Manipulation
- Information Disclosure
- Gain Access
Indicators of Compromise
CVE
CVE-2025-23253
CVE-2025-23249
CVE-2025-23251
CVE-2025-23250
Affected Vendors
- NVIDIA
Affected Products
- NVIDIA NeMo Framework - 25.02
- NVIDIA App - 11.0.2.337 (prod2 hotfix)
Remediation
Upgrade to the latest version, available from the NVIDIA Website.