Nvidia Addresses Critical Security Vulnerabilities in AI Software

Nvidia has announced the release of updates aimed at addressing several high-risk security vulnerabilities found in its artificial intelligence software. These vulnerabilities pose significant risks, enabling potential attackers to execute arbitrary code, escalate their privileges, extract confidential information, or manipulate data.

The affected projects include Nvidia's Apex, Isaac-GR00T, Megatron LM, Merlin Transformers4Rec, NeMo Framework, and WebDataset. Each of these projects has been flagged for critical security issues that could lead to severe consequences if exploited.

While Nvidia has not provided detailed descriptions of the individual vulnerabilities in their security bulletins, they have highlighted the potential impact of these flaws. Notably, the vulnerabilities carry a Common Vulnerability Scoring System (CVSS) score of 7.8, indicating a high level of risk:

• NVIDIA Apex: CVE-2025-23295
• NVIDIA Isaac-GR00T: CVE-2025-23296
• NVIDIA Megatron LM: CVE-2025-23305, CVE-2025-23306
• NVIDIA Merlin Transformers4Rec: CVE-2025-23298
• NVIDIA NeMo Framework: CVE-2025-23303, CVE-2025-23304
• NVIDIA WebDataset: CVE-2025-23294

Nvidia has urged organizations using these software solutions to implement the latest updates, which are available through the respective GitHub repositories and associated commits that address the specified security vulnerabilities. IT administrators are encouraged to apply these updates promptly to mitigate potential security risks.

This is not the first time Nvidia has faced scrutiny over security vulnerabilities in its AI software. In March, the company disclosed vulnerabilities in its HGX software, which could have allowed attackers to execute malicious code or launch denial-of-service attacks.