CVE-2025-33248
Received Received - Intake

Remote Code Execution in NVIDIA Megatron-LM Hybrid Conversion Script

Vulnerability report for CVE-2025-33248, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-24

Last updated on: 2026-03-25

Assigner: NVIDIA Corporation

Description

NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-24
Last Modified
2026-03-25
Generated
2026-07-06
AI Q&A
2026-03-24
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nvidia megatron-lm to 0.15.3 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2025-33248 is a vulnerability in NVIDIA Megatron-LM's hybrid conversion script. An attacker can exploit this flaw by convincing a user to load a maliciously crafted file, which leads to remote code execution (RCE)."}, {'type': 'paragraph', 'content': 'This vulnerability is classified under CWE-502: Deserialization of Untrusted Data, meaning it arises from unsafe handling of data that can be manipulated by an attacker.'}, {'type': 'paragraph', 'content': 'Exploiting this vulnerability can result in code execution, escalation of privileges, information disclosure, and data tampering.'}] [1]

Impact Analysis

If exploited, this vulnerability can have severe impacts including unauthorized code execution on the affected system.

  • Escalation of privileges, allowing attackers to gain higher access rights.
  • Information disclosure, potentially exposing sensitive data.
  • Data tampering, which can compromise data integrity.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-33248. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart