CVE ID: CVE-2025-23361, CVE-2025-33178

Product: NVIDIA NeMo Framework

Vulnerabilities:
- CVE-2025-23361: Vulnerability in a script that can lead to code execution, escalation of privileges, data tampering, and information disclosure.
- CVE-2025-33178: Vulnerability in the bert services component where malicious data can lead to code execution, escalation of privileges, information disclosure, and data tampering.

Affected Versions: All versions prior to 2.5.0

Updated Version: 2.5.0

CWEs: CWE-94

CVSS Scores: 7.8 (High) for both vulnerabilities

Vectors:
- For CVE-2025-23361:
- For CVE-2025-33178:

Impacts: Code execution, Escalation of privileges, Data tampering, Information disclosure

Acknowledgements:
- TencentAI&Sec for reporting issue CVE-2025-23361
- Guanheng Liu, Pinji Chen from NISL lab at Tsinghua University for reporting issue CVE-2025-33178

Update: Users are advised to update to version 2.5.0 to mitigate the issues identified.