Severity
High
Analysis Summary
Two high-severity security vulnerabilities, CVE-2025-23264 and CVE-2025-23265, have been discovered in NVIDIA’s Megatron LM large language model (LLM) framework. Both are rated High under CVSS, affect all versions of the platform prior to 0.12.0, and stem from code injection flaws in its Python components, classified under CWE-94 (Code Injection). Security researchers identified the flaws and responsibly disclosed them to NVIDIA’s PSIRT. In response, NVIDIA released emergency patches on June 24, 2025, urging immediate upgrades due to the critical risks posed to AI infrastructure.
The vulnerabilities allow attackers with local access and low-level privileges to inject specially crafted malicious files into the Megatron LM environment. These files exploit the framework's failure to properly sanitize input, resulting in remote code execution, privilege escalation, and access to sensitive data. More concerning is the potential for adversaries to tamper with AI models during training or inference stages, posing serious threats to model integrity and downstream AI applications. No user interaction is required, making the attack chain both silent and effective once access is gained.
The CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, which shows that a relatively unprivileged attacker with local system access can execute high-impact operations without any user interaction. The vulnerabilities affect Megatron LM deployments across all platforms, meaning enterprises using this framework, particularly in high-performance computing and LLM development, face considerable risk. Exploitation could lead to compromised data pipelines, manipulated model outputs, or full system control, depending on the environment.
To mitigate the issue, NVIDIA has released version 0.12.1 of Megatron LM, which patches both CVEs. Organizations are strongly advised to upgrade immediately via the official GitHub repository. Additionally, NVIDIA recommends a review of access controls and secure file handling protocols to reduce exposure to similar threats. Given the role Megatron LM plays in training cutting-edge AI models, prompt patching and risk assessments are essential to maintain security and trust in AI workflows.
Impact
- Code Execution
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2025-23264
- CVE-2025-23265
Affected Vendors
- NVIDIA
Affected Products
- NVIDIA Megatron-LM (All platforms)
Remediation
- Immediately upgrade Megatron LM to version 0.12.1 or later, which includes patches for CVE-2025-23264 and CVE-2025-23265.
- Download the updated version directly from NVIDIA’s official GitHub repository to ensure authenticity and integrity.
- Remove or quarantine any untrusted or previously used files that may have been used as input to the Megatron LM framework prior to patching.
- Restrict local system access to trusted users only, minimizing the chance of low-privilege attackers exploiting the vulnerabilities.
- Review and strengthen file upload and input validation processes within AI model training and deployment environments.
- Audit access controls and user permissions to limit who can interact with the Megatron LM framework and associated data files.
- Monitor systems for signs of unauthorized code execution or tampering, especially within environments used for AI model training or inference.
- Establish strict software update policies for frameworks used in critical AI infrastructure to ensure timely application of future patches.