关键信息 CVE ID: CVE-2025-33204 发布日期: 2025-11-25 最后修改日期: 2025-11-25 来源: NVIDIA Corporation 描述 漏洞概述: NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. 评分与评估 CVSS 3.x: - 严重性: - CNA评分: 7.8 (高) - 向量字符串: - CVSS: 3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 参考信息 URL: - https://nvd.nist.gov/vuln/detail/CVE-2025-33204 - https://nvidia.custhelp.com/app/answers/detail/a_id/5729 - https://www.cve.org/CVERecord?id=CVE-2025-33204 弱点枚举 CWE-ID: CWE-94 CWE名称: Improper Control of Generation of Code ('Code Injection') 来源: NVIDIA Corporation 历史变更 变更加载: show changes