YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

NeMo Unsafe torch.load PoC

Proof of Concept for unsafe deserialization in NVIDIA NeMo Framework (patch bypass for CVE-2025-33204/33205).

Files

  • poc_nemo_rce.py — Generates malicious adapter checkpoint that executes arbitrary code on load

Usage

python poc_nemo_rce.py
# Produces: malicious_adapter.pt
# Load with: model.load_adapters('malicious_adapter.pt')

Vulnerability

Multiple torch.load() calls without weights_only=True remain unpatched in NeMo's adapter loading, model initialization, and S3 checkpoint paths.

Disclosure

Submitted via Huntr Model File Format program.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support