AI Tools' Hidden Code Execution Risk Found
14 Jan
Summary
- Vulnerabilities in AI libraries allowed arbitrary code execution.
- Apple, Salesforce, and NVIDIA libraries were affected.
- All identified vulnerabilities were fixed by July 2025.

Security researchers uncovered significant vulnerabilities in widely used AI and machine learning tools that could let an attacker execute arbitrary code on the machine that loads a model. The flaws were found in three open-source Python libraries: NeMo (NVIDIA), Uni2TS (Salesforce), and FlexTok (Apple). These libraries, which together account for over 10 million downloads on HuggingFace, read configuration metadata to assemble complex models, and a loader that trusts that metadata will run whatever code a modified model points it at. A tampered model file shared through a hub is therefore enough to compromise the process loading it.
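To make the mechanism concrete, the following is an added example and not code from NeMo, Uni2TS, FlexTok or the researchers. It assumes a Hydra-style config where a `_target_` key names the callable to instantiate and `_args_` supplies positional arguments (the key names, the `Linear`/`TinyModel` classes and both configs are constructed for illustration). `load_unsafe` shows the vulnerable pattern: it imports whatever dotted path the metadata names and calls it, so a config that points at `builtins.eval` runs attacker-chosen Python. `load_safe` is one hardened alternative: targets are looked up in a registry of known model components rather than imported by path, and the supplied arguments are bound against the component's real signature before anything is called.

```python
"""Config-driven model instantiation: how a `_target_`-style loader turns
model metadata into arbitrary code execution, and an allowlisted alternative.

Constructed example. Key names, classes and configs are assumptions, not the
real NeMo, Uni2TS or FlexTok APIs.
"""
import importlib
import inspect
from dataclasses import dataclass
from typing import Any, Callable

TARGET_KEY = "_target_"  # assumed: names the callable to instantiate
ARGS_KEY = "_args_"      # assumed: positional arguments for that callable


def _resolve_dotted(path: str) -> Callable:
    """Import `pkg.mod.attr` and return the attribute: anything importable is reachable."""
    module_name, _, attr = path.rpartition(".")
    return getattr(importlib.import_module(module_name), attr)


def _children(cfg: dict, load: Callable[[Any], Any]) -> tuple[list, dict]:
    """Recursively materialise nested configs (encoder, tokenizer, ...) first,
    as a real loader does, so a malicious entry can hide at any depth."""
    args = [load(a) for a in cfg.get(ARGS_KEY, [])]
    kwargs = {k: load(v) for k, v in cfg.items() if k not in (TARGET_KEY, ARGS_KEY)}
    return args, kwargs


def load_unsafe(cfg: Any) -> Any:
    """Vulnerable pattern: trust the config to name the code to run."""
    if isinstance(cfg, list):
        return [load_unsafe(c) for c in cfg]
    if not isinstance(cfg, dict):
        return cfg
    args, kwargs = _children(cfg, load_unsafe)
    if TARGET_KEY not in cfg:
        return kwargs
    return _resolve_dotted(cfg[TARGET_KEY])(*args, **kwargs)


# --- Benign components a legitimate checkpoint would reference -------------
@dataclass
class Linear:
    in_features: int
    out_features: int


@dataclass
class TinyModel:
    encoder: Linear
    dropout: float = 0.1


# Hardened loader: only components registered here may be instantiated.
REGISTRY: dict[str, type] = {"Linear": Linear, "TinyModel": TinyModel}


class UntrustedConfigError(ValueError):
    """Raised when model metadata asks for something the loader does not allow."""


def load_safe(cfg: Any) -> Any:
    """Allowlisted instantiation: the target must be a registered short name,
    never an import path, and the arguments must fit its real signature."""
    if isinstance(cfg, list):
        return [load_safe(c) for c in cfg]
    if not isinstance(cfg, dict):
        return cfg
    args, kwargs = _children(cfg, load_safe)
    if TARGET_KEY not in cfg:
        return kwargs
    name = cfg[TARGET_KEY]
    cls = REGISTRY.get(name)
    if cls is None:
        raise UntrustedConfigError(f"target {name!r} is not a registered component")
    try:
        bound = inspect.signature(cls).bind(*args, **kwargs)
    except TypeError as exc:
        raise UntrustedConfigError(f"{name}: bad arguments ({exc})") from exc
    return cls(*bound.args, **bound.kwargs)


# Constructed metadata, shaped like a model config a hub might serve.
BENIGN_CONFIG = {
    TARGET_KEY: "TinyModel",
    "encoder": {TARGET_KEY: "Linear", "in_features": 16, "out_features": 4},
}
# Same shape, but the nested entry now names a builtin; load_unsafe executes it.
MALICIOUS_CONFIG = {
    TARGET_KEY: "builtins.dict",
    "encoder": {TARGET_KEY: "builtins.eval",
                ARGS_KEY: ["'pwned-' + str(__import__('os').getpid())"]},
}


def demo_unsafe() -> dict:
    """Returns {'encoder': 'pwned-<pid>'}: the config's code ran during loading."""
    return load_unsafe(MALICIOUS_CONFIG)


def demo_safe_benign() -> TinyModel:
    return load_safe(BENIGN_CONFIG)


def demo_safe_malicious() -> str:
    """Returns the rejection message instead of executing the payload."""
    try:
        load_safe(MALICIOUS_CONFIG)
    except UntrustedConfigError as exc:
        return str(exc)
    return "loaded"  # must not happen


if __name__ == "__main__":
    print("unsafe loader:", demo_unsafe())
    print("safe loader (benign):", demo_safe_benign())
    print("safe loader (malicious):", demo_safe_malicious())
```

The registry is the important design choice: it turns "which code may a model file run?" into a fixed, reviewable list rather than the whole import space of the interpreter. Signature binding is a secondary check that stops a config from smuggling unexpected fields into a constructor that accepts `**kwargs`.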
The developers were notified in April 2025, and fixes were in place by the end of July 2025. NVIDIA fixed the NeMo issue, tracked as CVE-2025-23304 with a high CVSS score of 7.8, in NeMo 2.3.2. Apple updated FlexTok in June 2025. The Uni2TS flaw, tracked as CVE-2026-22584 and rated critical (CVSS 9.8), was fixed by Salesforce in July 2025.
As of December 2025, there is no indication that these vulnerabilities have been exploited in active attacks. The discoveries were made using Palo Alto Networks' Prisma AIRS tool, highlighting the ongoing need for vigilance in AI security.