CVE-2025-33214
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | nvtabular | 3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Workflow component of NVIDIA NVTabular for Linux, where a user can cause a deserialization issue. Exploiting this vulnerability could allow an attacker to execute arbitrary code, cause denial of service, disclose information, or tamper with data.
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to severe impacts including unauthorized code execution, denial of service, exposure of sensitive information, and unauthorized modification of data, potentially compromising system integrity and availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update NVIDIA NVTabular for Linux to the latest version where the deserialization flaw has been addressed. Since the vulnerability requires user interaction and can be exploited over the network, applying the official patches or updates from NVIDIA as soon as possible is recommended to prevent remote code execution, denial of service, information disclosure, and data tampering. [3]