CVE-2025-33245
Published: 18 February 2026
Summary
CVE-2025-33245 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Nvidia Nemo. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 43.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the deserialization of untrusted data vulnerability in NVIDIA NeMo Framework by requiring timely patching as per vendor advisories.
Validates untrusted inputs like model data and datasets to block malicious deserialization payloads that could lead to remote code execution.
Protects system memory from unauthorized code execution that would result from successful deserialization exploits in the NeMo Framework.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Deserialization of untrusted data enables remote code execution via exploitation of client software (T1203: Exploitation for Client Execution). Possible outcomes include privilege escalation (T1068: Exploitation for Privilege Escalation).
NVD Description
NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Deeper analysisAI
CVE-2025-33245 is a vulnerability in the NVIDIA NeMo Framework, an open-source toolkit for developing generative AI models. The flaw, classified under CWE-502 (Deserialization of Untrusted Data), allows malicious data to trigger remote code execution. Successful exploitation could result in arbitrary code execution, privilege escalation, information disclosure, and data tampering on affected systems.
The vulnerability has a CVSS v3.1 base score of 8.0 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), indicating it is exploitable over the network with low complexity by an attacker possessing low privileges, though it requires user interaction. A threat actor could deliver crafted malicious data—such as in model inputs or shared datasets—to a legitimate user with access to the NeMo environment, prompting them to process it and thereby execute arbitrary code with the user's privileges, potentially leading to full system compromise, data exfiltration, or manipulation.
Mitigation details are available in official advisories, including NVIDIA's security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5762, the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2025-33245, and the CVE record at https://www.cve.org/CVERecord?id=CVE-2025-33245. Users should consult these for patch availability, updated NeMo versions, and recommended workarounds like input validation or restricted deserialization.
Details
- CWE(s)