CVE-2025-33250
Received Received - Intake

Remote Code Execution Vulnerability in NVIDIA NeMo Framework

Vulnerability report for CVE-2025-33250, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-18

Last updated on: 2026-02-20

Assigner: NVIDIA Corporation

Description

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-18
Last Modified
2026-02-20
Generated
2026-07-06
AI Q&A
2026-02-18
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nvidia nemo to 2.6.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-33250 is a vulnerability in the NVIDIA NeMo Framework that allows an attacker to execute remote code.

This vulnerability is classified under CWE-94, which relates to improper control of code generation, commonly known as code injection.

A successful exploit could lead to remote code execution, denial of service, information disclosure, and data tampering.

Impact Analysis

Exploiting this vulnerability can have serious impacts including:

  • Remote code execution, allowing attackers to run arbitrary code on the affected system.
  • Denial of service, potentially making the system or application unavailable.
  • Information disclosure, exposing sensitive data to unauthorized parties.
  • Data tampering, enabling attackers to alter or corrupt data.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-33250. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart