Cyber Resilience

CVE-2025-33244

Critical

Published: 24 March 2026

Published
24 March 2026
Modified
25 March 2026
KEV Added
Patch
CVSS Score v3.1 9.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0058 43.1th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-33244 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability. Its CVSS base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 43.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Deep Learning Frameworks; in the Data-Related Vulnerabilities risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-33244 is a deserialization of untrusted data vulnerability (CWE-502) in NVIDIA APEX for Linux. This issue affects environments using PyTorch versions earlier than 2.6, where an unauthorized attacker could trigger the deserialization of untrusted data. The vulnerability carries a CVSS v3.1 base score of 9.0 (AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) and was published on 2026-03-24.

An adjacent attacker with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Scope changes to a higher scope upon successful exploitation, potentially allowing arbitrary code execution, denial of service, privilege escalation, data tampering, and information disclosure.

Mitigation details are available in official advisories, including NVIDIA's security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5782, the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2025-33244, and the CVE record at https://www.cve.org/CVERecord?id=CVE-2025-33244.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted data. This vulnerability affects environments that use PyTorch versions earlier than 2.6. A successful exploit of this vulnerability might lead to code execution,…

more

denial of service, escalation of privileges, data tampering, and information disclosure.

CWE(s)

AI Security AnalysisAI

AI Category
Deep Learning Frameworks
Risk Domain
Data-Related Vulnerabilities
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: pytorch

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Deserialization vulnerability enables remote exploitation over adjacent network (AV:A) with low privileges (PR:L) leading to scope change, arbitrary code execution, and privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-27172Shared CWE-502
CVE-2025-69276Shared CWE-502
CVE-2026-3357Shared CWE-502
CVE-2025-66524Shared CWE-502
CVE-2025-42928Shared CWE-502
CVE-2025-62420Shared CWE-502
CVE-2026-40858Shared CWE-502
CVE-2024-57766Shared CWE-502
CVE-2024-57764Shared CWE-502
CVE-2025-26921Shared CWE-502

Affected Assets

PyTorch
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation through patching PyTorch to version 2.6 or later directly eliminates the deserialization vulnerability in NVIDIA APEX.

prevent

Information input validation prevents deserialization of untrusted data by ensuring serialized inputs are verified before processing in PyTorch environments.

prevent

Memory protection mechanisms like ASLR and DEP mitigate arbitrary code execution resulting from successful deserialization exploits.

References