CVE-2025-33203 HIGH

CVE-2025-33203

Vendor Nvidia

Product NeMo Agent ToolKit

Weakness CWE-918 · SSRF

Published November 25, 2025

Last update November 26, 2025

View on NVD All CVEs

CVSS base score

7.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service.

Key dates

02Disclosure timeline

November 25, 2025 CVE published

November 26, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-33203 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

04Related CVE

CVE-2026-39921 GeoNode < 4.4.5, 5.0.2 SSRF via Document Upload CVE-2026-5417 Dataease SQLbot Elasticsearch es_engine.py get_es_data_by_http server-side request forgery CVE-2025-13393 Featured Image from URL (FIFU) <= 5.3.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'fifu_input_url' CVE-2022-1285 Server-Side Request Forgery (SSRF) in gogs/gogs CVE-2024-45507 Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE