Security Vulnerabilities - CVEs Published In September 2025
Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-09-24
Memory corruption while performing private key encryption in trusted application.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-09-24
Cryptographic issue while performing RSA PKCS padding decoding.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-09-24
Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-09-24
NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-09-24
NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, Information disclosure, and data tampering.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-09-24
Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval() function on a user-controlled query parameter in the project_bulk_archive view. This allows privileged users (e.g., administrators) to execute arbitrary system commands on the server. While having Django’s DEBUG=True makes exploitation visibly easier by returning command output in the HTTP response, this is not required. The vulnerability can still be exploited in DEBUG=False mode by using blind payloads such as a reverse shell, leading to full remote code execution. This issue has been patched in version 1.3.1.
CVSS Score
7.2
EPSS Score
0.028
Published
2025-09-24
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to denial of service.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-09-24
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running
cuobjdump.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-09-24
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of this vulnerability may lead to a partial denial of service.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-09-24