NVIDIA Product Security Update Advisory


Overview

 

We have released a security update to fix vulnerabilities in NVIDIA products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-23348, CVE-2025-23349, CVE-2025-23353, CVE-2025-23354

 

NVIDIA Megatron-LM Versions: 0.13.1 and earlier
NVIDIA Megatron-LM Versions: 0.12.3 and earlier

 

 

Resolved Vulnerabilities

 

Code injection vulnerability in the pretrain_gpt script in NVIDIA Megatron-LM (CVE-2025-23348)
Code injection vulnerability in the tasks/orqa/unsupervised/nq.py component in NVIDIA Megatron-LM (CVE-2025-23349)
Code injection vulnerability in the msdp preprocessing script in NVIDIA Megatron-LM (CVE-2025-23353)
Code injection vulnerability in the ensemble_classifier script in NVIDIA Megatron-LM (CVE-2025-23354)

 

 

Vulnerability Patches

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.

 

CVE-2025-23348, CVE-2025-23349, CVE-2025-23353, CVE-2025-23354

 

NVIDIA Megatron-LM Version: 0.13.1
NVIDIA Megatron-LM Version: 0.12.3

 

 

References

 

[1] Security Bulletin: NVIDIA Megatron LM – September 2025
https://nvidia.custhelp.com/app/answers/detail/a_id/5698