CVE-2025-33247
Published: 24 March 2026
Summary
CVE-2025-33247 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Nvidia Megatron-Lm. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked in the top 45.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the deserialization of untrusted data vulnerability in NVIDIA Megatron LM quantization configuration loading through timely flaw remediation and patching.
Validates inputs to the quantization configuration loading process to prevent deserialization of untrusted data that could lead to remote code execution.
Enforces least privilege to limit the impact of privilege escalation and subsequent effects like information disclosure and data tampering from successful exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CWE-502 deserialization in config loading directly enables arbitrary code execution (T1059) and privilege escalation (T1068) with local low-priv access.
NVD Description
NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Deeper analysisAI
CVE-2025-33247 is a vulnerability in the quantization configuration loading mechanism of NVIDIA Megatron LM, a framework for training large-scale language models. This flaw could allow remote code execution, with potential impacts including code execution, privilege escalation, information disclosure, and data tampering. The vulnerability is rated with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H) and is associated with CWE-502 (Deserialization of Untrusted Data).
An attacker with local access and low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact outcomes on confidentiality, integrity, and availability, aligning with the described effects of arbitrary code execution, privilege escalation, information disclosure, and data tampering.
Mitigation details are available in official advisories, including the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5769, the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2025-33247, and the CVE record at https://www.cve.org/CVERecord?id=CVE-2025-33247. Security practitioners should consult these resources for patching instructions and workarounds specific to affected NVIDIA Megatron LM deployments.
This vulnerability affects an AI/ML training framework, highlighting risks in model optimization components like quantization, though no real-world exploitation has been reported in the available details.
Details
- CWE(s)