NVIDIA Megatron-LM Flaw Allows Attackers to Inject Malicious Code
gbhackers
NVIDIA has issued an urgent security update for its open-source Megatron-LM framework, following the discovery of two critical vulnerabilities that could allow attackers to inject and execute malicious code on affected systems.
The flaws, tracked as CVE-2025-23264 and CVE-2025-23265, impact all platforms running Megatron-LM versions prior to 0.12.0 and have prompted a swift response from NVIDIA’s security team.
CVE ID | Description | CVSS v3.1 Score | Severity |
CVE-2025-23264 | Python component code injection via malicious file, leading to code execution, privilege escalation, info disclosure, data tampering | 7.8 | High |
CVE-2025-23265 | Python component code injection via malicious file, leading to code execution, privilege escalation, info disclosure, data tampering | 7.8 | High |
Double Injection Risk in Megatron-LM
Megatron-LM is widely used for training large transformer-based neural networks, making it a foundational tool in enterprise AI, high-performance computing, and research environments.
The newly disclosed vulnerabilities stem from ...