CVE-2025-33245

High

Published: 18 February 2026

Published

18 February 2026

Modified

20 February 2026

KEV Added

—

Patch

—

CVSS Score 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0034 56.6th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the deserialization of untrusted data vulnerability in NVIDIA NeMo Framework by requiring timely patching as per vendor advisories.

SI-10 Information Input Validation good match

prevent

Validates untrusted inputs like model data and datasets to block malicious deserialization payloads that could lead to remote code execution.

SI-16 Memory Protection good match

prevent

Protects system memory from unauthorized code execution that would result from successful deserialization exploits in the NeMo Framework.

Security SummaryAI

CVE-2025-33245 is a vulnerability in the NVIDIA NeMo Framework, an open-source toolkit for developing generative AI models. The flaw, classified under CWE-502 (Deserialization of Untrusted Data), allows malicious data to trigger remote code execution. Successful exploitation could result in arbitrary code execution, privilege escalation, information disclosure, and data tampering on affected systems.

The vulnerability has a CVSS v3.1 base score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating it is exploitable over the network with low complexity by an attacker possessing low privileges, though it requires user interaction. A threat actor could deliver crafted malicious data—such as in model inputs or shared datasets—to a legitimate user with access to the NeMo environment, prompting them to process it and thereby execute arbitrary code with the user's privileges, potentially leading to full system compromise, data exfiltration, or manipulation.

Mitigation details are available in official advisories, including NVIDIA's security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5762, the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2025-33245, and the CVE record at https://www.cve.org/CVERecord?id=CVE-2025-33245. Users should consult these for patch availability, updated NeMo versions, and recommended workarounds like input validation or restricted deserialization.

Details

CWE(s): CWE-502

Affected Products

nvidia

nemo

≤ 2.6.1

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Deserialization of untrusted data enables remote code execution via exploitation of client software (T1203: Exploitation for Client Execution). Possible outcomes include privilege escalation (T1068: Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://nvd.nist.gov/vuln/detail/CVE-2025-33245
US Government Resource, VDB Entry · psirt@nvidia.com
https://nvidia.custhelp.com/app/answers/detail/a_id/5762
Vendor Advisory · psirt@nvidia.com
https://www.cve.org/CVERecord?id=CVE-2025-33245
Third Party Advisory · psirt@nvidia.com