Ddos 
Nvidia has issued an important security update addressing multiple high-severity vulnerabilities in its open-source Megatron-LM project, a large language model (LLM) framework widely used in AI research and enterprise environments.
The update addresses four CVEs, each carrying a CVSS base score of 7.8 (High) and posing risks such as code execution, privilege escalation, information disclosure, and data tampering.
- CVE-2025-23348 – Found in the pretrain_gpt script, where “malicious data created by an attacker may cause a code injection issue.”
- CVE-2025-23349 – Located in tasks/orqa/unsupervised/nq.py, enabling attackers to inject malicious code.
- CVE-2025-23353 – Present in the msdp preprocessing script, which can also be exploited for code injection.
- CVE-2025-23354 – Discovered in the ensemble_classifier script, allowing attackers to tamper with inputs and execute arbitrary code.
Each of these vulnerabilities could allow attackers to compromise AI workflows running on Megatron-LM, making them especially dangerous in research and production settings where sensitive data may be processed.
AI frameworks like Megatron-LM often operate in high-performance computing (HPC) environments where vast amounts of sensitive training data and intellectual property are handled. The ability for attackers to inject malicious code into these workflows could have cascading effects, from stolen model data to sabotaged training processes.
The vulnerabilities affect all versions of Megatron-LM prior to 0.13.1 and 0.12.3 across Windows, Linux, and macOS platforms. Nvidia urges users to apply the update immediately.
Related Posts:
- Double Injection Risk in NVIDIA Megatron-LM: Code Execution Flaws Patched in v0.12.1
- AI’s Dark Side: Hackers Harnessing ChatGPT and LLMs for Malicious Attacks
- Hacker group threatens to expose Nvidia driver and firmware data
- Path Traversal at Scale: Study Uncovers 1,756 Vulnerable GitHub Projects and LLM Contamination
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
