CVE-2025-33253 — Deserialization of Untrusted Data in Nvidia Nemo

CWE-502 — Deserialization of Untrusted Data5 documents5 sources

Severity

7.3HIGHNVD

CNA7.8

EPSS

0.1%

top 70.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Nemo Nvidia Nemo Framework

Timeline

PublishedFeb 18

Description

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5nvidia/nemo_frameworkAll versions prior to 2.6.1

▶NVDnvidia/nemo< 2.6.1

🔴Vulnerability Details

GHSA

NVIDIA NeMo Framework Deserializes Untrusted Data↗2026-02-18

▶

CVEList

CVE-2025-33253: NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted↗2026-02-18

▶

OSV

NVIDIA NeMo Framework Deserializes Untrusted Data↗2026-02-18

▶

🕵️Threat Intelligence

Wiz

CVE-2025-33253 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶