Vulnerability Database

309,237

Total vulnerabilities in the database

CVE-2025-23349

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

Published: Sep 24, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-23349
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
nvidia / megatron-lm	-	0.12.3
nvidia / megatron-lm	0.13.0	0.13.0.x
nvidia / megatron-lm	0.13.0-rc0	0.13.0-rc0.x
nvidia / megatron-lm	0.13.0-rc1	0.13.0-rc1.x
nvidia / megatron-lm	0.13.0-rc2	0.13.0-rc2.x
nvidia / megatron-lm	0.13.0-rc3	0.13.0-rc3.x
nvidia / megatron-lm	0.13.0-rc4	0.13.0-rc4.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo