CNNVD-202509-3862 Information
CNNVD ID
CNNVD-202509-3862
Related CVE
- CNNVD Published: 2025-09-24
Description (Chinese)
NVIDIA Megatron-LM是美国英伟达(NVIDIA)公司的一个基于PyTorch 的分布式训练框架,专门用于训练大型Transformer语言模型。 NVIDIA Megatron-LM存在代码注入漏洞,该漏洞源于msdp预处理脚本可能被注入恶意数据,可能导致代码执行、权限提升、信息泄露和数据篡改。
Description (English)
NVIDIA Megatron-LM is a distributional training framework based on PyTorch, Inc. of the United States of America, dedicated to training large Transformer language models. NVIDIA Megatron-LM has a code-infusion loophole, which stems from the possibility that msdp preprocessed scripts may be injected into malicious data, which may lead to code execution, power enhancement, information leakage and data manipulation.
Hazard Level
Medium
Vulnerability Type
代码注入
Affected Vendor
NZBGet
Published
2025-09-24
Last Modified
2026-02-24
References
https://nvd.nist.gov/vuln/detail/CVE-2025-23353 https://nvidia.custhelp.com/app/answers/detail/a_id/5698 https://www.cve.org/CVERecord?id=CVE-2025-23353
Patch
https://nvidia.custhelp.com/app/answers/detail/a_id/5698
Share on: