Deserialization of Untrusted Data in NVIDIA Apex - CVE-2025-33244

 

Deserialization of Untrusted Data in NVIDIA Apex - CVE-2025-33244

Published: May 7, 2026


Vulnerability identifier: #VU130511
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-33244
CWE-ID: CWE-502
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: nVidia
Affected software:
NVIDIA Apex

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data. A remote user on the local network can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


How to mitigate CVE-2025-33244

Install updates from vendor's website.

Sources