NVIDIA released a security bulletin for NVIDIA® NeMo Curator addressing a high-severity vulnerability (CVE-2025-23307) that affects all prior versions of the Curator software.
The flaw, rooted in improper handling of user-supplied files, allows a maliciously crafted file to be processed by NeMo Curator, leading to code injection and arbitrary code execution.
Successful exploitation can result in unauthorized privilege escalation, disclosure of sensitive information, and data tampering.
https://gbhackers.com/nvidia-nemo-ai-cu ... erability/