8.0
NVIDIA NeMo Framework: Malicious Data Can Execute Code Remotely
CVE-2025-33245
GHSA-9379-mwvr-7wxx
Summary
The NVIDIA NeMo Framework has a security weakness that could allow an attacker to execute malicious code on a remote system by supplying malicious data. This could lead to unauthorized access, data tampering, or other security issues. A fixed version of nemo-toolkit is listed below, so check your installed version and update.
What to do
- Update nemo-toolkit to version 2.6.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | nemo-toolkit | <= 2.6.1 | 2.6.1 |
| nvidia | nemo | <= 2.6.1 | – |
Original title
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution
Original description
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
nvd CVSS3.1
8.8
Vulnerability type
CWE-502
Deserialization of Untrusted Data
- https://nvd.nist.gov/vuln/detail/CVE-2025-33245 US Government Resource VDB Entry
- https://nvidia.custhelp.com/app/answers/detail/a_id/5762 Vendor Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-33245 Third Party Advisory
- https://github.com/advisories/GHSA-9379-mwvr-7wxx
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026