CVE-2025-33243
Published: 18 February 2026
Summary
CVE-2025-33243 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Nvidia Nemo. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 48.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely flaw remediation directly patches CVE-2025-33243 in NVIDIA NeMo Framework, preventing remote code execution, privilege escalation, information disclosure, and data tampering in distributed environments.
Memory protection safeguards such as ASLR and DEP mitigate exploitation of the deserialization vulnerability (CWE-502) leading to remote code execution even with local low-privilege access.
Least privilege enforcement limits the scope and impact of privilege escalation and subsequent data tampering or disclosure following code execution from low-privilege accounts.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CWE-502 deserialization flaw directly enables RCE in NeMo distributed clusters (T1190) and subsequent local privilege escalation (T1068).
NVD Description
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Deeper analysisAI
CVE-2025-33243 is a vulnerability in the NVIDIA NeMo Framework that enables an attacker to cause remote code execution in distributed environments. Successful exploitation might lead to code execution, escalation of privileges, information disclosure, and data tampering. The issue is associated with CWE-502 and has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with local access required, low attack complexity, and low privileges needed.
An attacker with local access and low-level privileges on an affected system can exploit this vulnerability without user interaction. In distributed environments, such as those used for training large AI models with NeMo, this could allow remote code execution from the perspective of the cluster. Exploitation grants high-impact confidentiality, integrity, and availability consequences, potentially enabling privilege escalation, data exfiltration, or manipulation within the framework.
Mitigation details are available in the NVIDIA security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5762, along with further analysis on the NVD page at https://nvd.nist.gov/vuln/detail/CVE-2025-33243 and the CVE record at https://www.cve.org/CVERecord?id=CVE-2025-33243. Security practitioners should consult these resources for patching instructions and workarounds specific to NeMo deployments.
Details
- CWE(s)