Users are urged to download and install the latest Curator release from the NVIDIA NeMo GitHub repository and review detailed guidance on the NVIDIA Product Security portal.
A newly disclosed vulnerability, tracked as CVE-2025-23307, affects all platforms supported by NVIDIA NeMo Curator.
An attacker who crafts a malicious file and tricks the Curator environment into processing it could achieve remote code execution, privilege escalation, unauthorized disclosure of sensitive information, or data tampering.
The vulnerability stems from insufficient validation of user-supplied inputs before dynamic code evaluation (CWE-94).
Under the CVSS v3.1 assessment, this flaw carries a base score of 7.8, reflecting its high impact and relatively low exploitation complexity (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
NVIDIA’s risk assessment aggregates data from diverse deployments and may not fully represent the risk profile of every environment.
Administrators should evaluate the update’s urgency relative to their specific configurations and threat models.
To mitigate CVE-2025-23307, NVIDIA has published Curator version 25.07, which includes input sanitization and stricter evaluation controls.
All previous versions—across Windows, Linux, and macOS—are vulnerable. Users on older branch releases should upgrade to the latest branch to ensure continued protection.
| CVE ID | Affected Product | Platform | Affected Versions | Updated Version |
|---|---|---|---|---|
| CVE-2025-23307 | NVIDIA NeMo Curator | Windows, Linux, macOS | All versions prior to 25.07 | 25.07 |
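To act on the version boundary in the table above, the following added example (not NVIDIA's or the original article's code) checks whether a Python environment holds a Curator build older than 25.07. The distribution name `nemo-curator` and the choice to treat pre-releases of 25.07 as unfixed are assumptions of this example; the sample version strings are constructed.

```python
import re
from importlib import metadata

FIXED = (25, 7)             # 25.07, the updated version in the table above
DIST_NAME = "nemo-curator"  # assumption: distribution name as installed by pip

def parse_release(version):
    """Split '25.07', 'v0.9.0' or '25.7.0rc1' into (numeric tuple, is_prerelease)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)(.*)$", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    release = tuple(int(part) for part in m.group(1).split("."))  # '07' -> 7
    suffix = m.group(2).strip().lower()
    pre = re.match(r"[-_.]?(a|b|rc|alpha|beta|dev|pre)", suffix) is not None
    return release, pre

def is_vulnerable(version, fixed=FIXED):
    """True when `version` is older than the fixed release."""
    release, pre = parse_release(version)
    width = max(len(release), len(fixed))
    release += (0,) * (width - len(release))   # so 25.7 == 25.7.0
    fixed = tuple(fixed) + (0,) * (width - len(fixed))
    if release != fixed:
        return release < fixed
    # Assumption: a pre-release of the fixed version is not known to carry the fix.
    return pre

def audit_environment(dist_name=DIST_NAME):
    """Report the status of the package in the current Python environment."""
    try:
        installed = metadata.version(dist_name)
    except metadata.PackageNotFoundError:
        return "not-installed", None
    return ("vulnerable" if is_vulnerable(installed) else "fixed"), installed

if __name__ == "__main__":
    # Constructed sample version strings, not taken from a real inventory.
    for sample in ("0.9.0", "25.06", "25.7.0rc1", "25.07", "25.7.0", "25.09"):
        print(f"{sample:>10}  {'VULNERABLE' if is_vulnerable(sample) else 'ok'}")
    print("this environment:", audit_environment())
```

Run it with the interpreter of each environment that processes data with Curator (virtualenvs, containers, notebook kernels), since each carries its own installed version.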
Acknowledgements:
NVIDIA thanks D.K. for reporting CVE-2025-23307 and working with the NVIDIA Product Security Incident Response Team (PSIRT) to validate the fix.
The post Critical Flaws in NVIDIA NeMo AI Curator Allow System Takeover appeared first on Cyber Security News.