Main Vulnerability Database Vulnerabilities #VU131820

Code Injection in NVIDIA Nemo Framework - CVE-2025-33178

Published: May 19, 2026

Vulnerability identifier: #VU131820

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-33178

CWE-ID: CWE-94

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: nVidia

Affected software:
NVIDIA Nemo Framework

Detailed vulnerability description

The vulnerability allows a local user to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data.

The vulnerability exists due to code injection in the bert services component when processing malicious data. A local user can provide malicious data to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data.

How to mitigate CVE-2025-33178

Install security update from vendor's website.

Sources

https://nvidia.custhelp.com/app/answers/detail/a_id/5718
https://www.nvidia.com/

Code Injection in NVIDIA Nemo Framework - CVE-2025-33178

Detailed vulnerability description

How to mitigate CVE-2025-33178

Sources

Please verify you're human