关键漏洞信息 CVE-2025-23294 Detail 状态: Awaiting Analysis 描述: NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. CVSS 3.x Severity and Vector Strings: - Base Score: 7.8 HIGH - Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE Dictionary Entry: CVE-2025-23294 NVD Published Date: 08/13/2025 NVD Last Modified: 08/14/2025 Source: NVIDIA Corporation References to Advisories, Solutions, and Tools https://nvd.nist.gov/vuln/detail/CVE-2025-23294 (NVIDIA Corporation) https://nvidia.custhelp.com/app/answers/detail/a_id/5658 (NVIDIA Corporation) https://www.cve.org/CVERecord?id=CVE-2025-23294 (NVIDIA Corporation) Weakness Enumeration CWE-ID: CWE-78 CWE Name: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Source: NVIDIA Corporation Change History 1 change record found