(catonetworks.com) Critical Vulnerabilities in NVIDIA NeMo and Meta PyTorch Enable Remote Code Execution via Malicious AI Models
Critical RCE vulnerabilities in NVIDIA NeMo (CVE-2025-33236, CVSS 7.8) and Meta PyTorch expose AI model pipelines to full system compromise. A hardcoded `trust_remote_code=True` in NeMo and a heap buffer overflow reached by bypassing `weights_only=True` in PyTorch turn AI models themselves into attack vectors.
In brief - High-severity flaws in NVIDIA NeMo and Meta PyTorch enable RCE via malicious AI models, risking cloud credentials and production infrastructure. These vulnerabilities highlight critical gaps in AI supply chain security, even when best practices are followed.
Technically - NVIDIA NeMo’s hardcoded `trust_remote_code=True` allows arbitrary Python execution during HuggingFace model imports. Meta PyTorch’s `weights_only=True` is bypassed via storage size mismatches, triggering heap buffer overflows. Both enable RCE, data exfiltration, and system compromise, underscoring the need for secure-by-default configurations and sandboxing.
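A defensive check for the NeMo-style pattern described above, written as an added example (not code from the Cato CTRL post, NVIDIA NeMo or PyTorch): it walks Python source with `ast` and flags any call that hardcodes `trust_remote_code=True` as a literal, so the setting can be caught in code review or CI before a model import path ships with it. The sample source it scans is constructed for illustration.

```python
"""Static check for hardcoded `trust_remote_code=True` in model-loading code.

Added example, not from the Cato CTRL post or the NeMo/PyTorch projects.
The sample source below is constructed; it mimics the HuggingFace import
pattern the post describes, where a literal True lets repository code run
during model import.
"""
import ast
import sys
from typing import List, Tuple

SAMPLE_SOURCE = '''
from transformers import AutoModel, AutoTokenizer

def load_unsafe(name):
    # hardcoded trust flag: code shipped in the model repo runs on import
    return AutoModel.from_pretrained(name, trust_remote_code=True)

def load_safe(name):
    return AutoModel.from_pretrained(name, trust_remote_code=False)

def load_default(name):
    return AutoTokenizer.from_pretrained(name)
'''


def find_trust_remote_code(source: str, filename: str = "<memory>") -> List[Tuple[str, int, str]]:
    """Return (filename, line, callee) for every call passing trust_remote_code=True.

    Only a literal True is flagged: a variable (trust_remote_code=flag) may be
    gated by configuration and needs a human look rather than an automatic fail.
    """
    findings: List[Tuple[str, int, str]] = []
    tree = ast.parse(source, filename=filename)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg != "trust_remote_code":
                continue
            if isinstance(kw.value, ast.Constant) and kw.value.value is True:
                findings.append((filename, node.lineno, ast.unparse(node.func)))
    return findings


def scan_files(paths: List[str]) -> List[Tuple[str, int, str]]:
    """Scan each Python file on disk; fails closed on unreadable input."""
    results: List[Tuple[str, int, str]] = []
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            results.extend(find_trust_remote_code(fh.read(), path))
    return results


if __name__ == "__main__":
    hits = scan_files(sys.argv[1:]) if len(sys.argv) > 1 else find_trust_remote_code(SAMPLE_SOURCE)
    for fname, line, callee in hits:
        print(f"{fname}:{line}: {callee}(..., trust_remote_code=True)")
    sys.exit(1 if hits else 0)
```

Run with no arguments to scan the embedded sample, or pass Python files to scan a checkout; a non-zero exit makes it usable as a CI gate.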
Source: https://www.catonetworks.com/blog/cato-ctrl-new-vulnerabilities-in-nvidia-nemo-and-meta-pytorch/