CNNVD-202509-3864 Information

CNNVD ID

CNNVD-202509-3864

Related CVE

CVE-2025-23349

• CNNVD Published: 2025-09-24

Description (Chinese)

NVIDIA Megatron-LM是美国英伟达（NVIDIA）公司的一个基于PyTorch 的分布式训练框架，专门用于训练大型Transformer语言模型。 NVIDIA Megatron-LM存在代码注入漏洞，该漏洞源于tasks/orqa/unsupervised/nq.py组件存在代码注入漏洞，可能导致执行任意代码、权限提升、信息泄露和数据篡改。

Description (English)

NVIDIA Megatron-LM is a distributional training framework based on PyTorch, Inc. of the United States of America, dedicated to training large Transformer language models. NVIDIA Megatron-LM has a code-infusion loophole, which stems from a code-infusion gap in the tasks/orqa/unsubvised/nq.py components, which may lead to the implementation of any code, power-upgrading, information leaking and data manipulation.

Hazard Level

Medium

Vulnerability Type

代码注入

Affected Vendor

NZBGet

Published

2025-09-24

Last Modified

2026-02-24

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23349 https://nvidia.custhelp.com/app/answers/detail/a_id/5698 https://www.cve.org/CVERecord?id=CVE-2025-23349

Patch

https://nvidia.custhelp.com/app/answers/detail/a_id/5698