7.8
NVIDIA NeMo Framework: Malicious File Can Execute Code Remotely
CVE-2025-33253
GHSA-hvjw-vp7g-39h5
Summary
An attacker can trick users into loading a malicious file, potentially allowing the attacker to execute code on the system, disrupt its normal functioning, or access sensitive information. This issue affects the NVIDIA NeMo Framework software. To protect your systems, ensure you only load files from trusted sources and implement proper validation checks.
What to do
- Update nemo-toolkit to version 2.6.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | nemo-toolkit | <= 2.6.1 | 2.6.1 |
| nvidia | nemo | <= 2.6.1 | – |
Original title
NVIDIA NeMo Framework Deserializes Untrusted Data
Original description
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
NVD CVSS 3.1
7.3
Vulnerability type
CWE-502: Deserialization of Untrusted Data
- https://github.com/advisories/GHSA-hvjw-vp7g-39h5
- https://nvd.nist.gov/vuln/detail/CVE-2025-33253 (US Government Resource, VDB Entry)
- https://nvidia.custhelp.com/app/answers/detail/a_id/5762 (Vendor Advisory)
- https://www.cve.org/CVERecord?id=CVE-2025-33253 (Third Party Advisory)
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026