YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
NeMo Unsafe torch.load PoC
Proof of Concept for unsafe deserialization in NVIDIA NeMo Framework (patch bypass for CVE-2025-33204/33205).
Files
poc_nemo_rce.py— Generates malicious adapter checkpoint that executes arbitrary code on load
Usage
python poc_nemo_rce.py
# Produces: malicious_adapter.pt
# Load with: model.load_adapters('malicious_adapter.pt')
Vulnerability
Multiple torch.load() calls without weights_only=True remain unpatched in NeMo's adapter loading, model initialization, and S3 checkpoint paths.
Disclosure
Submitted via Huntr Model File Format program.
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support