Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
NVIDIA NeMo Framework: Malicious Audio Input Can Execute Harmful Code
CVE-2025-33249
Summary
The NVIDIA NeMo Framework's voice-preprocessing script can be tricked into running malicious code if an attacker sends a specially crafted audio file. This can lead to unauthorized access to sensitive data, system crashes, or other security issues. Update the framework to the latest version to protect against this risk.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| nvidia | nemo | <= 2.6.1 | – |
Original title
NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of ...
Original description
NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
nvd CVSS3.1
7.8
Vulnerability type
CWE-77
Command Injection
- https://nvd.nist.gov/vuln/detail/CVE-2025-33249 US Government Resource VDB Entry
- https://nvidia.custhelp.com/app/answers/detail/a_id/5762 Vendor Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-33249 Third Party Advisory
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026