CNNVD-202509-3863 Information

CNNVD ID

CNNVD-202509-3863

Related CVE

CVE-2025-23348

• CNNVD Published: 2025-09-24

Description (Chinese)

NVIDIA Megatron-LM是美国英伟达（NVIDIA）公司的一个基于PyTorch 的分布式训练框架，专门用于训练大型Transformer语言模型。 NVIDIA Megatron-LM存在代码注入漏洞，该漏洞源于pretrain_gpt脚本可能处理恶意数据，可能导致代码注入、权限提升、信息泄露和数据篡改。

Description (English)

NVIDIA Megatron-LM is a distributional training framework based on PyTorch, Inc. of the United States of America, dedicated to training large Transformer language models. NVIDIA Megatron-LM has a code-infusion loophole, which stems from the fact that pretrain gpt scripts may deal with malicious data, which may lead to code injection, power enhancement, information leak and data manipulation.

Hazard Level

Medium

Vulnerability Type

代码注入

Affected Vendor

NZBGet

Published

2025-09-24

Last Modified

2026-02-24

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23348 https://nvidia.custhelp.com/app/answers/detail/a_id/5698 https://www.cve.org/CVERecord?id=CVE-2025-23348 https://access.redhat.com/security/cve/cve-2025-23348

Patch

https://nvidia.custhelp.com/app/answers/detail/a_id/5698