CNNVD-202508-1412 Information
CNNVD ID
CNNVD-202508-1412
Related CVE
- CNNVD Published: 2025-08-13
Description (Chinese)
NVIDIA Megatron-LM是美国英伟达(NVIDIA)公司的一个基于PyTorch 的分布式训练框架,专门用于训练大型Transformer语言模型。 NVIDIA Megatron-LM存在代码注入漏洞,该漏洞源于megatron/training/arguments.py组件可能导致代码注入,可能导致代码执行、权限提升、信息泄露和数据篡改。
Description (English)
NVIDIA Megatron-LM is a distributional training framework based on PyTorch, Inc. of the United States of America, dedicated to training large Transformer language models. NVIDIA Megatron-LM has a code-injection loophole, which originates from megatron/training/arguments.py components that can lead to code-injection, may lead to code execution, power enhancement, information leakage and data manipulation.
Hazard Level
Medium
Vulnerability Type
代码注入
Affected Vendor
英伟达
Published
2025-08-13
Last Modified
2026-02-24
References
https://nvd.nist.gov/vuln/detail/CVE-2025-23306 https://nvidia.custhelp.com/app/answers/detail/a_id/5685 https://www.cve.org/CVERecord?id=CVE-2025-23306
Patch
https://nvidia.custhelp.com/app/answers/detail/a_id/5685
Share on: