Main Vulnerability Database Vulnerabilities #VU131821

Code Injection in NVIDIA Nemo Framework - CVE-2025-33204

Published: May 19, 2026

Vulnerability identifier: #VU131821

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-33204

CWE-ID: CWE-94

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: nVidia

Affected software:
NVIDIA Nemo Framework

Detailed vulnerability description

The vulnerability allows a local user to execute arbitrary code, escalate privileges, disclose sensitive information, and modify data.

The vulnerability exists due to code injection in the NLP and LLM components when processing malicious data created by an attacker. A local user can supply crafted data to execute arbitrary code, escalate privileges, disclose sensitive information, and modify data.

How to mitigate CVE-2025-33204

Install security update from vendor's website.

Sources

https://nvidia.custhelp.com/app/answers/detail/a_id/5729
https://www.nvidia.com/security

Code Injection in NVIDIA Nemo Framework - CVE-2025-33204

Detailed vulnerability description

How to mitigate CVE-2025-33204

Sources

Please verify you're human