CVE-2025-33212

Published: Dec 16, 2025Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.

Affected (1)

Products: Nvidia: Nemo

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nvidia Nemo	Before 2.5.3

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (3)

https://nvd.nist.gov/vuln/detail/CVE-2025-33212

Source: psirt@nvidia.com

Technical Description

https://nvidia.custhelp.com/app/answers/detail/a_id/5736

Source: psirt@nvidia.com

Vendor Advisory

https://www.cve.org/CVERecord?id=CVE-2025-33212

Source: psirt@nvidia.com

Technical Description

Timeline

No history available yet.