CVE-2025-33244
Deserialization Vulnerability in NVIDIA APEX for PyTorch Leads to Code Execution
Publication date: 2026-03-24
Last updated on: 2026-03-24
Assigner: NVIDIA Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | apex | to 2.6 (exc) |
| pytorch | pytorch | to 2.6 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-33244 is a critical vulnerability in NVIDIA APEX for Linux that affects environments using PyTorch versions earlier than 2.6.
The vulnerability arises from the deserialization of untrusted data, which means that an attacker can exploit the way data is converted back into objects in the software.
An unauthorized attacker could exploit this flaw to execute arbitrary code, cause denial of service, escalate privileges, tamper with data, or disclose sensitive information.
How can this vulnerability impact me?
If exploited, this vulnerability can have severe impacts including remote code execution, which allows attackers to run malicious code on the affected system.
It can also lead to denial of service, making the system or application unavailable to legitimate users.
Attackers may escalate their privileges, gaining higher access rights than intended.
Data tampering and information disclosure are also possible, compromising the confidentiality and integrity of data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2025-33244 vulnerability, users should update NVIDIA Apex to include commit db8e053 or later.
Ensure that your environment uses PyTorch version 2.6 or newer, as versions earlier than 2.6 are affected by this vulnerability.
Evaluate the risk based on your specific configurations and keep track of ongoing security updates and support through NVIDIA's Product Security page. [3]