CVE-2025-33250

Published: Feb 18, 2026Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: psirt@nvidia.com (Secondary)

Description

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

Affected (1)

Products: Nvidia: Nemo

Nvidia

1 product

Nemo

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nvidia Nemo	Before 2.6.1

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (3)

https://nvd.nist.gov/vuln/detail/CVE-2025-33250

Source: psirt@nvidia.com

US Government ResourceVDB Entry

https://nvidia.custhelp.com/app/answers/detail/a_id/5762

Source: psirt@nvidia.com

Vendor Advisory

https://www.cve.org/CVERecord?id=CVE-2025-33250

Source: psirt@nvidia.com

Third Party Advisory

Timeline

No history available yet.