Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
NVIDIA NeMo Framework ASR Evaluator allows command injection attacks
CVE-2025-33246
Summary
The NVIDIA NeMo Framework's ASR Evaluator tool is vulnerable to a security risk. If a malicious user provides specially crafted input, it could lead to unauthorized access to the system, data theft, or other security breaches. To protect your system, update the NVIDIA NeMo Framework to the latest version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| nvidia | nemo | <= 2.6.1 | – |
Original title
NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. ...
Original description
NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, or information disclosure.
nvd CVSS3.1
7.8
Vulnerability type
CWE-77
Command Injection
- https://nvd.nist.gov/vuln/detail/CVE-2025-33246 US Government Resource VDB Entry
- https://nvidia.custhelp.com/app/answers/detail/a_id/5762 Vendor Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-33246 Third Party Advisory
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026