Nvidia Nemo Framework vulnerabilities

CVE-2026-24159 [HIGH] CWE-502 CVE-2026-24159: NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.

CVE-2026-24157 [HIGH] CWE-502 CVE-2026-24157: NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause r NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.

CVE-2025-33245 [HIGH] CWE-502 CVE-2025-33245: NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code executio NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVE-2025-33250 [HIGH] CWE-94 CVE-2025-33250: NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

CVE-2025-33251 [HIGH] CWE-94 CVE-2025-33251: NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

CVE-2025-33249 [HIGH] CWE-77 CVE-2025-33249: NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, wh NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVE-2025-33241 [HIGH] CWE-502 CVE-2025-33241: NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution b NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVE-2025-33243 [HIGH] CWE-502 CVE-2025-33243: NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution i NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVE-2025-33252 [HIGH] CWE-502 CVE-2025-33252: NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

CVE-2025-33236 [HIGH] CWE-94 CVE-2025-33236: NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cau NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVE-2025-33253 [HIGH] CWE-502 CVE-2025-33253: NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution b NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

CVE-2025-33246 [HIGH] CWE-77 CVE-2025-33246: NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, or information disclosure.

CVE-2025-33226 [HIGH] CWE-502 CVE-2025-33226: NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVE-2025-33212 [HIGH] CWE-502 CVE-2025-33212: NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to expl NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.

CVE-2025-33205 [HIGH] CWE-829 CVE-2025-33205: NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cau NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. A successful exploit of this vulnerability may lead to code execution.

CVE-2025-33204 [HIGH] CWE-94 CVE-2025-33204: NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, wher NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVE-2025-33178 [HIGH] CWE-94 CVE-2025-33178: NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component wher NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to Code execution, Escalation of privileges, Information disclosure, and Data tampering.

CVE-2025-23361 [HIGH] CWE-94 CVE-2025-23361: NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVE-2025-23312 [HIGH] CWE-94 CVE-2025-23312: NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVE-2025-23313 [HIGH] CWE-94 CVE-2025-23313: NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicio NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.