NVIDIA’s Megatron LM, a prominent framework for training large language models, has been found to contain critical security vulnerabilities that could enable attackers to inject malicious code and gain unauthorized access to systems. On June 24, 2025, NVIDIA released emergency security patches to address these high-severity issues affecting all versions of the platform prior to 0.12.0.
Overview of Code Injection Vulnerabilities
Two significant security flaws have been identified in NVIDIA’s Megatron LM framework, designated as CVE-2025-23264 and CVE-2025-23265. Both vulnerabilities stem from code injection weaknesses in Python components within the framework, classified under CWE-94 (Code Injection) in the Common Weakness Enumeration system.
These vulnerabilities carry a CVSS v3.1 base score of 7.8, marking them as high-severity threats. Security researchers Yu Rong and Hao Fan are credited with discovering and reporting these critical flaws to NVIDIA’s Product Security Incident Response Team (PSIRT).
The CVSS vector for both vulnerabilities is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating that exploitation requires local access, with low attack complexity, low privileges, and no user interaction. Attackers can exploit these vulnerabilities by providing specially crafted malicious files to the Megatron LM system.
Upon successful exploitation, attackers could achieve multiple severe impacts, including code execution, escalation of privileges, information disclosure, and data tampering.
Mitigations
NVIDIA strongly recommends that all Megatron LM users immediately update to version 0.12.1 or later, available through the official GitHub repository. Organizations should prioritize this update due to the high-severity nature of these vulnerabilities.
The security update addresses both CVE-2025-23264 and CVE-2025-23265 simultaneously. Users running earlier software branch releases should upgrade to the latest branch release to ensure comprehensive protection.
NVIDIA emphasizes that its risk assessment represents an average across diverse installations, and individual organizations should evaluate risks specific to their configurations.
Organizations should also review their access controls and file handling procedures while implementing these updates to minimize potential attack surfaces.