CVE-2025-23307 is a vulnerability classified under CWE-94 (Improper Control of Generation of Code) found in NVIDIA NeMo Curator, a tool used for managing and curating AI models and datasets. The flaw exists in the way the software processes files, allowing an attacker to craft a malicious file that, when processed by NeMo Curator, results in arbitrary code execution. This vulnerability affects all versions prior to Curator 25.07 across all supported platforms. The attack vector is local (AV:L), requiring the attacker to have low privileges (PR:L) on the system but does not require user interaction (UI:N). The vulnerability allows an attacker to escalate privileges, disclose sensitive information, and tamper with data, impacting confidentiality, integrity, and availability. The CVSS v3.1 base score is 7.8, reflecting high severity due to the combination of local access, low complexity, and significant impact. No public exploits have been reported yet, but the potential for exploitation exists given the nature of the vulnerability. The root cause is improper validation and control over code generation from input files, enabling code injection. This vulnerability is critical for organizations relying on NVIDIA NeMo Curator for AI workflows, particularly those handling sensitive or proprietary data.

The impact of CVE-2025-23307 is substantial for organizations using NVIDIA NeMo Curator. Successful exploitation can lead to arbitrary code execution with escalated privileges, allowing attackers to gain control over affected systems. This can result in unauthorized access to sensitive AI models and datasets, data tampering that could compromise AI model integrity, and potential leakage of proprietary or personal information. The availability of the system can also be affected if attackers disrupt or manipulate the curation process. Given the role of NeMo Curator in AI development pipelines, such compromises could undermine trust in AI outputs and cause operational disruptions. Organizations in sectors such as technology, research, defense, and any industry leveraging NVIDIA AI tools are at risk. The requirement for local access limits remote exploitation but insider threats or compromised accounts could facilitate attacks. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time.

To mitigate CVE-2025-23307, organizations should immediately upgrade NVIDIA NeMo Curator to version 25.07 or later, where the vulnerability is patched. Until patching is possible, restrict local user permissions to prevent unauthorized file creation or modification in directories processed by NeMo Curator. Implement strict access controls and monitoring on systems running NeMo Curator to detect unusual file activity or privilege escalations. Employ application whitelisting and endpoint detection and response (EDR) solutions to identify and block suspicious code execution attempts. Conduct regular audits of user privileges and system logs to detect potential exploitation attempts early. Additionally, isolate systems running NeMo Curator from less trusted networks and users to reduce the risk of local attackers gaining access. Educate users about the risks of opening or processing untrusted files within AI tool environments. Finally, maintain up-to-date backups of critical AI models and datasets to enable recovery in case of data tampering.