Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
NVIDIA NeMo Framework allows attackers to run malicious code remotely
CVE-2025-33241
Summary
The NVIDIA NeMo Framework can load and run code from a file sent by an attacker, which could allow them to take control of the system, access sensitive information, or make unauthorized changes. This means that if you're using NeMo Framework, you should be cautious about the files you allow it to load and consider taking steps to prevent unauthorized access. You may need to update the framework or restrict file loading to mitigate this risk.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| nvidia | nemo | <= 2.6.1 | – |
Original title
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to co...
Original description
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
nvd CVSS3.1
7.8
Vulnerability type
CWE-502
Deserialization of Untrusted Data
- https://nvd.nist.gov/vuln/detail/CVE-2025-33241 US Government Resource VDB Entry
- https://nvidia.custhelp.com/app/answers/detail/a_id/5762 Vendor Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-33241 Third Party Advisory
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026