### Key Information #### Description - **CVE ID:** CVE-2025-33253 - **Description:** The NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. #### Metrics - **CVSS Version:** 3.x - **Base Score (NIST):** 7.3 (High) - **Base Score (CNA - NVIDIA Corporation):** 7.8 (High) - **Vector:** CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H #### References - **Vendor Advisory:** https://nvidia.custhelp.com/app/answers/detail/a_id/5762 - **Third Party Advisory:** https://www.cve.org/CVERecord?id=CVE-2025-33253 #### Weakness Enumeration - **CWE-ID:** CWE-502 - **CWE Name:** Deserialization of Untrusted Data #### Known Affected Software Configurations - **Configuration:** cpe:2.3:a:nvidia:nemo:*:*:*:*:*:*:*:* - **Up to (excluding):** 2.6.1 #### Quick Info - **CVE Dictionary Entry:** CVE-2025-33253 - **NVD Published Date:** 02/18/2026 - **NVD Last Modified:** 02/20/2026 - **Source:** NVIDIA Corporation