CVE-2025-33244
Received Received - Intake
Deserialization Vulnerability in NVIDIA APEX for PyTorch Leads to Code Execution

Publication date: 2026-03-24

Last updated on: 2026-03-24

Assigner: NVIDIA Corporation

Description
NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted data. This vulnerability affects environments that use PyTorch versions earlier than 2.6. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, data tampering, and information disclosure.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-03-24
Generated
2026-06-16
AI Q&A
2026-03-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-33244
EUVD
EUVD-2025-208972
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
nvidia apex to 2.6 (exc)
pytorch pytorch to 2.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-33244 is a critical vulnerability in NVIDIA APEX for Linux that affects environments using PyTorch versions earlier than 2.6.

The vulnerability arises from the deserialization of untrusted data, which means that an attacker can exploit the way data is converted back into objects in the software.

An unauthorized attacker could exploit this flaw to execute arbitrary code, cause denial of service, escalate privileges, tamper with data, or disclose sensitive information.

Impact Analysis

If exploited, this vulnerability can have severe impacts including remote code execution, which allows attackers to run malicious code on the affected system.

It can also lead to denial of service, making the system or application unavailable to legitimate users.

Attackers may escalate their privileges, gaining higher access rights than intended.

Data tampering and information disclosure are also possible, compromising the confidentiality and integrity of data.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

[{'type': 'paragraph', 'content': 'To mitigate the CVE-2025-33244 vulnerability, users should update NVIDIA Apex to include commit db8e053 or later.'}, {'type': 'paragraph', 'content': 'Ensure that your environment uses PyTorch version 2.6 or newer, as versions earlier than 2.6 are affected by this vulnerability.'}, {'type': 'paragraph', 'content': "Evaluate the risk based on your specific configurations and keep track of ongoing security updates and support through NVIDIA's Product Security page."}] [3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-33244. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart