CVE-2025-33250
Received
Received - Intake
Remote Code Execution Vulnerability in NVIDIA NeMo Framework
Publication date: 2026-02-18
Last updated on: 2026-02-20
Assigner: NVIDIA Corporation
Description
Description
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | nemo | to 2.6.1 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-33250 is a vulnerability in the NVIDIA NeMo Framework that allows an attacker to execute remote code.
This vulnerability is classified under CWE-94, which relates to improper control of code generation, commonly known as code injection.
A successful exploit could lead to remote code execution, denial of service, information disclosure, and data tampering.
How can this vulnerability impact me? :
Exploiting this vulnerability can have serious impacts including:
- Remote code execution, allowing attackers to run arbitrary code on the affected system.
- Denial of service, potentially making the system or application unavailable.
- Information disclosure, exposing sensitive data to unauthorized parties.
- Data tampering, enabling attackers to alter or corrupt data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70