CVE-2025-33247
Received Received - Intake
Remote Code Execution in NVIDIA Megatron LM Quantization Loader

Publication date: 2026-03-24

Last updated on: 2026-03-25

Assigner: NVIDIA Corporation

Description
NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-03-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-33247
EUVD
EUVD-2025-208974
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nvidia megatron-lm to 0.15.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-33247 is a high-severity vulnerability in NVIDIA Megatron LM related to the quantization configuration loading process. It is classified under CWE-502 (Deserialization of Untrusted Data). This flaw allows an attacker with low privileges and no user interaction required to execute remote code on the affected system.

The vulnerability arises from improper handling of quantization configuration data, which can be exploited to run arbitrary code remotely.

Impact Analysis

Successful exploitation of this vulnerability can lead to several serious impacts including remote code execution, escalation of privileges, information disclosure, and data tampering.

  • Remote code execution allows attackers to run malicious code on your system.
  • Escalation of privileges can give attackers higher-level access than initially permitted.
  • Information disclosure may expose sensitive data.
  • Data tampering can compromise the integrity of your data.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the CVE-2025-33247 vulnerability in NVIDIA Megatron LM, users should update their installations to version 0.15.3 or later.

This update addresses the vulnerability related to the quantization configuration loading process that could allow remote code execution.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-33247. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart