{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "0.12.3" }, { "introduced": "0" }, { "last_affected": "0.13.0-NA" }, { "introduced": "0" }, { "last_affected": "0.13.0-rc0" }, { "introduced": "0" }, { "last_affected": "0.13.0-rc1" }, { "introduced": "0" }, { "last_affected": "0.13.0-rc2" }, { "introduced": "0" }, { "last_affected": "0.13.0-rc3" }, { "introduced": "0" }, { "last_affected": "0.13.0-rc4" } ] }, "events": [ { "introduced": "0" }, { "fixed": "3ea68ad6042cc1204386ae9364358f7c4de1bc37" }, { "introduced": "0" }, { "last_affected": "c550cf6c41c31cd3ec72e05c25ea0c979f2b6631" }, { "introduced": "0" }, { "last_affected": "d8180ef8ed0bb6f305dcdedf1b27d91304f361a3" }, { "introduced": "0" }, { "last_affected": "7da88d74865c3f1a59894173246f26e7b3bf91b9" }, { "introduced": "0" }, { "last_affected": "001d15c455caa88fdb495435842f25ae69d2c1c3" }, { "introduced": "0" }, { "last_affected": "9b9ea83efb004de4672bffd5daf51bb0b1c661fc" }, { "introduced": "0" }, { "last_affected": "ac198fc0d60a8c748597e01ca4c6887d3a7bcf3d" } ], "repo": "https://github.com/nvidia/megatron-lm", "type": "GIT" } ] } ], "details": "NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.", "id": "CVE-2025-23348", "modified": "2026-03-15T21:44:48.969002947Z", "published": "2025-09-24T14:15:48.663Z", "references": [ { "type": "ADVISORY", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5698" }, { "type": "ARTICLE", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23348" }, { "type": "ARTICLE", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23348" } ], "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }