CVE-2025-23242 & CVE-2025-23243: NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue (13th Mar 2025)

Preface: NeMo is an open-source, PyTorch-based toolkit for conversational AI research that exposes more of the model and PyTorch internals. Riva can import supported models trained in NeMo.

NVIDIA Riva is a GPU-accelerated SDK for building Speech AI applications that can be customized for your use case and deliver real-time performance.

Background: NVIDIA Riva does not come with any default user accounts. Instead, it relies on secure access through NVIDIA NGC (NVIDIA GPU Cloud). Users need to log in to NGC to access and deploy Riva services. This ensures that only authorized users can set up and manage Riva deployments.

NVIDIA Riva’s default access control mechanisms are designed to ensure secure deployment and operation. By default, Riva employs:

Role-Based Access Control (RBAC): This allows administrators to define roles and assign permissions to users based on their roles.

There is authentication between NVIDIA NGC and Riva. When you pull Riva container images from NGC, you need to authenticate using your NGC API key. This involves:

  1. NGC CLI Configuration: You set up the NGC CLI with your API key, which acts as your authentication credential.
  2. OAuth Token: The username for authentication is $oauthtoken, and the password is your NGC_API_KEY.
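The login step above, as an added shell example (not code from the post or from NVIDIA): the username is the literal string $oauthtoken and the NGC API key is the password, but the key is fed to `docker login` over stdin rather than on the command line, so it does not appear in process listings or shell history. Assumptions: the key is in the NGC_API_KEY environment variable, the registry is nvcr.io, the image reference in RIVA_IMAGE is a placeholder to be replaced from the NGC catalogue, and DOCKER_CMD exists only so the docker binary can be substituted when exercising the script.

```shell
#!/bin/sh
# Added example, not from the post or NVIDIA: log in to the NGC registry as
# the post describes (username "$oauthtoken", password = NGC API key) and
# pull a Riva image, keeping the key off the command line.
# Assumptions: NGC_API_KEY holds the key; registry is nvcr.io; DOCKER_CMD
# lets the docker binary be replaced (e.g. by a stub) when testing.
set -u

DOCKER_CMD="${DOCKER_CMD:-docker}"
NGC_REGISTRY="${NGC_REGISTRY:-nvcr.io}"
# Placeholder image reference (assumed, not taken from the post); replace the
# tag with the Riva image version listed in the NGC catalogue.
RIVA_IMAGE="${RIVA_IMAGE:-nvcr.io/nvidia/riva/riva-speech:REPLACE_WITH_TAG}"

# Return 0 only if the key is present and plausible: non-empty and free of
# whitespace (a pasted key with a trailing newline is a common login failure).
ngc_key_ok() {
  key="$1"
  [ -n "$key" ] || return 1
  case "$key" in
    *[[:space:]]*) return 1 ;;
  esac
  return 0
}

# Log in to the NGC registry. The key travels over stdin (--password-stdin),
# so it never shows up in `ps` output or shell history the way `-p KEY` would.
ngc_login() {
  key="${NGC_API_KEY:-}"
  if ! ngc_key_ok "$key"; then
    echo "ngc_login: NGC_API_KEY is unset, empty, or malformed" >&2
    return 1
  fi
  # Single quotes keep the shell from expanding $oauthtoken as a variable;
  # the registry expects that literal string as the username.
  printf '%s' "$key" | "$DOCKER_CMD" login "$NGC_REGISTRY" -u '$oauthtoken' --password-stdin
}

# Pull the Riva image only after a successful login.
ngc_pull_riva() {
  ngc_login || return 1
  "$DOCKER_CMD" pull "$RIVA_IMAGE"
}

# Stand-alone use: NGC_API_KEY=... RIVA_IMAGE=... NGC_LOGIN_MAIN=1 sh ngc_login.sh
if [ "${NGC_LOGIN_MAIN:-0}" = "1" ]; then
  ngc_pull_riva
fi
```

Set NGC_LOGIN_MAIN=1 to run the login and pull directly; otherwise source the file and call `ngc_pull_riva` from a deployment script. The key check rejects empty or whitespace-containing values up front so that a misconfigured secret fails loudly before any registry call is made.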

Vulnerability details:

CVE-2025-23242 – NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, or information disclosure.

CVE-2025-23243 – NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to data tampering or denial of service.

Official announcement: Please see the official link for details –

https://nvidia.custhelp.com/app/answers/detail/a_id/5625
