CVE-2025-33248
Received Received - Intake
Remote Code Execution in NVIDIA Megatron-LM Hybrid Conversion Script

Publication date: 2026-03-24

Last updated on: 2026-03-25

Assigner: NVIDIA Corporation

Description
NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-24
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-03-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-33248
EUVD
EUVD-2025-208975
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nvidia megatron-lm to 0.15.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2025-33248 is a vulnerability in NVIDIA Megatron-LM's hybrid conversion script. An attacker can exploit this flaw by convincing a user to load a maliciously crafted file, which leads to remote code execution (RCE)."}, {'type': 'paragraph', 'content': 'This vulnerability is classified under CWE-502: Deserialization of Untrusted Data, meaning it arises from unsafe handling of data that can be manipulated by an attacker.'}, {'type': 'paragraph', 'content': 'Exploiting this vulnerability can result in code execution, escalation of privileges, information disclosure, and data tampering.'}] [1]

Impact Analysis

If exploited, this vulnerability can have severe impacts including unauthorized code execution on the affected system.

  • Escalation of privileges, allowing attackers to gain higher access rights.
  • Information disclosure, potentially exposing sensitive data.
  • Data tampering, which can compromise data integrity.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-33248. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart