CVE-2025-33212 HIGH

CVE-2025-33212

Vendor Nvidia

Product NeMo Framework

Weakness CWE-502 · Unsafe deserialization

Published December 16, 2025

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.

Key dates

02Disclosure timeline

December 16, 2025 CVE published

February 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-33212 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

04Related CVE

CVE-2023-26359 Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution CVE-2019-15271 Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Arbitrary Command Execution Vulnerability CVE-2025-59007 WordPress TF Woo Product Grid Addon For Elementor Plugin <= 1.0.1 - Deserialization of untrusted data Vulnerability CVE-2024-52432 WordPress NIX Anti-Spam Light plugin <= 0.0.4 - PHP Object Injection vulnerability CVE-2024-7486 MultiPurpose <= 1.2.0 - Authenticated (Contributor+) PHP Object Injection