Byte Open Security

(ByteOS Network)

NVIDIA Corporation

#9576f279-3576-44b5-a4af-b9a8644b2de6

Short Name

nvidia

Program Role

CNA

Top Level Root

MITRE Corporation

Domain

nvidia.com

Country

USA

Scope

NVIDIA issues only.
14 Vulnerabilities found

CVE-2026-24149
Assigner-NVIDIA Corporation
CVSS Score-7.8 | HIGH
EPSS-0.01% / 1.01%
7 Day CHG~0.00%
Published-03 Feb, 2026 | 19:55
Updated-04 Feb, 2026 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Megatron-LM
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-33237
Assigner-NVIDIA Corporation
CVSS Score-5.5 | MEDIUM
EPSS-0.01% / 1.85%
7 Day CHG~0.00%
Published-28 Jan, 2026 | 17:49
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA HD Audio Driver for Windows contains a vulnerability where an attacker could exploit a NULL pointer dereference issue. A successful exploit of this vulnerability might lead to a denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-RTX, Quadro, NVS; GeForce
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-33220
Assigner-NVIDIA Corporation
CVSS Score-7.8 | HIGH
EPSS-0.01% / 0.26%
7 Day CHG~0.00%
Published-28 Jan, 2026 | 17:48
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-RTX PRO, RTX, Quadro; GeForce; Virtual GPU Manager; Tesla
CWE ID-CWE-416
Use After Free
CVE-2025-33219
Assigner-NVIDIA Corporation
CVSS Score-7.8 | HIGH
EPSS-0.01% / 0.26%
7 Day CHG~0.00%
Published-28 Jan, 2026 | 17:48
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-GeForce; Virtual GPU Manager; Tesla; RTX PRO, RTX, Quadro; Guest driver
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-33218
Assigner-NVIDIA Corporation
CVSS Score-7.8 | HIGH
EPSS-0.01% / 0.26%
7 Day CHG~0.00%
Published-28 Jan, 2026 | 17:47
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-RTX PRO, RTX, Quadro; GeForce; Guest driver; Tesla
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-33217
Assigner-NVIDIA Corporation
CVSS Score-7.8 | HIGH
EPSS-0.01% / 0.26%
7 Day CHG~0.00%
Published-28 Jan, 2026 | 17:46
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-RTX PRO, RTX, Quadro; GeForce; Tesla
CWE ID-CWE-416
Use After Free
CVE-2025-33234
Assigner-NVIDIA Corporation
CVSS Score-7.8 | HIGH
EPSS-0.01% / 0.65%
7 Day CHG~0.00%
Published-27 Jan, 2026 | 17:58
Updated-29 Jan, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NVIDIA runx
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-33231
Assigner-NVIDIA Corporation
CVSS Score-6.7 | MEDIUM
EPSS-0.01% / 2.25%
7 Day CHG~0.00%
Published-20 Jan, 2026 | 17:55
Updated-02 Feb, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service and information disclosure.

Action-Not Available
Vendor-Microsoft Corporation; NVIDIA Corporation
Product-cuda_toolkit; windows; CUDA Toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-33230
Assigner-NVIDIA Corporation
CVSS Score-7.3 | HIGH
EPSS-0.02% / 5.03%
7 Day CHG~0.00%
Published-20 Jan, 2026 | 17:55
Updated-02 Feb, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure.

Action-Not Available
Vendor-Linux Kernel Organization, Inc; NVIDIA Corporation
Product-linux_kernel; cuda_toolkit; CUDA Toolkit
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-33229
Assigner-NVIDIA Corporation
CVSS Score-7.3 | HIGH
EPSS-0.01% / 2.50%
7 Day CHG~0.00%
Published-20 Jan, 2026 | 17:44
Updated-02 Feb, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure.

Action-Not Available
Vendor-Microsoft Corporation; NVIDIA Corporation
Product-cuda_toolkit; windows; CUDA Toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-33228
Assigner-NVIDIA Corporation
CVSS Score-7.3 | HIGH
EPSS-0.02% / 5.03%
7 Day CHG~0.00%
Published-20 Jan, 2026 | 17:44
Updated-02 Feb, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-cuda_toolkit; CUDA Toolkit
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-33233
Assigner-NVIDIA Corporation
CVSS Score-7.8 | HIGH
EPSS-0.02% / 4.82%
7 Day CHG~0.00%
Published-20 Jan, 2026 | 17:43
Updated-26 Jan, 2026 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Merlin Transformers4Rec
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-33206
Assigner-NVIDIA Corporation
CVSS Score-7.8 | HIGH
EPSS-0.03% / 7.98%
7 Day CHG~0.00%
Published-14 Jan, 2026 | 18:30
Updated-02 Feb, 2026 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service.

Action-Not Available
Vendor-Linux Kernel Organization, Inc; NVIDIA Corporation
Product-linux_kernel; nsight_graphics; NSIGHT Graphics
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-33222
Assigner-NVIDIA Corporation
CVSS Score-9.8 | CRITICAL
EPSS-0.07% / 22.57%
7 Day CHG~0.00%
Published-23 Dec, 2025 | 17:10
Updated-15 Jan, 2026 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-isaac_launchable; Isaac Launchable
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-33223
Assigner-NVIDIA Corporation
CVSS Score-9.8 | CRITICAL
EPSS-0.08% / 23.09%
7 Day CHG~0.00%
Published-23 Dec, 2025 | 17:10
Updated-15 Jan, 2026 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-isaac_launchable; Isaac Launchable
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2025-33224
Assigner-NVIDIA Corporation
CVSS Score-9.8 | CRITICAL
EPSS-0.08% / 23.09%
7 Day CHG~0.00%
Published-23 Dec, 2025 | 17:10
Updated-15 Jan, 2026 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-isaac_launchable; Isaac Launchable
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2025-33235
Assigner-NVIDIA Corporation
CVSS Score-7.8 | HIGH
EPSS-0.01% / 2.16%
7 Day CHG~0.00%
Published-16 Dec, 2025 | 17:38
Updated-02 Feb, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Resiliency Extension for Linux contains a vulnerability in the checkpointing core, where an attacker may cause a race condition. A successful exploit of this vulnerability might lead to information disclosure, data tampering, denial of service, or escalation of privileges.

Action-Not Available
Vendor-Linux Kernel Organization, Inc; NVIDIA Corporation
Product-nvidia_resiliency_extension; linux_kernel; Resiliency Extension
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-33225
Assigner-NVIDIA Corporation
CVSS Score-8.4 | HIGH
EPSS-0.05% / 14.86%
7 Day CHG~0.00%
Published-16 Dec, 2025 | 17:37
Updated-02 Feb, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-Linux Kernel Organization, Inc; NVIDIA Corporation
Product-nvidia_resiliency_extension; linux_kernel; Resiliency Extension
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2025-33210
Assigner-NVIDIA Corporation
CVSS Score-9 | CRITICAL
EPSS-0.10% / 27.82%
7 Day CHG~0.00%
Published-16 Dec, 2025 | 17:29
Updated-02 Feb, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-isaac_lab; Isaac Lab
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-33226
Assigner-NVIDIA Corporation
CVSS Score-7.8 | HIGH
EPSS-0.11% / 29.61%
7 Day CHG~0.00%
Published-16 Dec, 2025 | 17:22
Updated-09 Jan, 2026 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-nemo; NeMo Framework
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-33212
Assigner-NVIDIA Corporation
CVSS Score-7.3 | HIGH
EPSS-0.06% / 18.85%
7 Day CHG~0.00%
Published-16 Dec, 2025 | 17:21
Updated-09 Jan, 2026 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-nemo; NeMo Framework
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-33214
Assigner-NVIDIA Corporation
CVSS Score-8.8 | HIGH
EPSS-0.07% / 20.81%
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:49
Updated-09 Dec, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NVTabular for Linux contains a vulnerability in the Workflow component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NVTabular
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-33213
Assigner-NVIDIA Corporation
CVSS Score-8.8 | HIGH
EPSS-0.07% / 20.81%
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:48
Updated-09 Dec, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-Merlin Transformers4Rec
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-33208
Assigner-NVIDIA Corporation
CVSS Score-8.8 | HIGH
EPSS-0.05% / 15.41%
7 Day CHG-0.01%
Published-03 Dec, 2025 | 18:19
Updated-30 Jan, 2026 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclosure.

Action-Not Available
Vendor-Canonical Ltd.; NVIDIA Corporation
Product-tao_toolkit; ubuntu_linux; TAO
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-33211
Assigner-NVIDIA Corporation
CVSS Score-7.5 | HIGH
EPSS-0.09% / 25.51%
7 Day CHG-0.01%
Published-03 Dec, 2025 | 18:16
Updated-05 Dec, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified quantity in input. A successful exploit of this vulnerability may lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation; Linux Kernel Organization, Inc
Product-linux_kernel; triton_inference_server; Triton Inference Server
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-33201
Assigner-NVIDIA Corporation
CVSS Score-7.5 | HIGH
EPSS-0.06% / 18.47%
7 Day CHG~0.00%
Published-03 Dec, 2025 | 18:15
Updated-05 Dec, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exceptional conditions issue by sending extra large payloads. A successful exploit of this vulnerability may lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation; Linux Kernel Organization, Inc
Product-linux_kernel; triton_inference_server; Triton Inference Server
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-33203
Assigner-NVIDIA Corporation
CVSS Score-7.6 | HIGH
EPSS-0.05% / 15.49%
7 Day CHG~0.00%
Published-25 Nov, 2025 | 18:10
Updated-26 Nov, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NeMo Agent ToolKit
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-33205
Assigner-NVIDIA Corporation
CVSS Score-7.3 | HIGH
EPSS-0.02% / 3.13%
7 Day CHG~0.00%
Published-25 Nov, 2025 | 18:07
Updated-07 Jan, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. A successful exploit of this vulnerability may lead to code execution.

Action-Not Available
Vendor-NVIDIA Corporation
Product-nemo; NeMo Framework
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2025-33204
Assigner-NVIDIA Corporation
CVSS Score-7.8 | HIGH
EPSS-0.03% / 7.33%
7 Day CHG~0.00%
Published-25 Nov, 2025 | 18:06
Updated-07 Jan, 2026 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-nemo; NeMo Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-33200
Assigner-NVIDIA Corporation
CVSS Score-2.3 | LOW
EPSS-0.01% / 2.72%
7 Day CHG~0.00%
Published-25 Nov, 2025 | 18:00
Updated-02 Dec, 2025 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_os; dgx_spark; DGX Spark
CWE ID-CWE-226
Sensitive Information in Resource Not Removed Before Reuse
CVE-2025-33199
Assigner-NVIDIA Corporation
CVSS Score-3.2 | LOW
EPSS-0.01% / 2.72%
7 Day CHG~0.00%
Published-25 Nov, 2025 | 18:00
Updated-02 Dec, 2025 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_os; dgx_spark; DGX Spark
CWE ID-CWE-670
Always-Incorrect Control Flow Implementation
CVE-2025-33198
Assigner-NVIDIA Corporation
CVSS Score-3.3 | LOW
EPSS-0.02% / 3.35%
7 Day CHG~0.00%
Published-25 Nov, 2025 | 18:00
Updated-02 Dec, 2025 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_os; dgx_spark; DGX Spark
CWE ID-CWE-226
Sensitive Information in Resource Not Removed Before Reuse
CVE-2025-33197
Assigner-NVIDIA Corporation
CVSS Score-4.3 | MEDIUM
EPSS-0.02% / 3.63%
7 Day CHG~0.00%
Published-25 Nov, 2025 | 18:00
Updated-02 Dec, 2025 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_os; dgx_spark; DGX Spark
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-33196
Assigner-NVIDIA Corporation
CVSS Score-4.4 | MEDIUM
EPSS-0.01% / 2.76%
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:59
Updated-02 Dec, 2025 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_os; dgx_spark; DGX Spark
CWE ID-CWE-226
Sensitive Information in Resource Not Removed Before Reuse
CVE-2025-33195
Assigner-NVIDIA Corporation
CVSS Score-4.4 | MEDIUM
EPSS-0.02% / 3.19%
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:59
Updated-02 Dec, 2025 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations. A successful exploit of this vulnerability might lead to data tampering, denial of service, or escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_os; dgx_spark; DGX Spark
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-33194
Assigner-NVIDIA Corporation
CVSS Score-5.7 | MEDIUM
EPSS-0.02% / 3.19%
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:59
Updated-02 Dec, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_os; dgx_spark; DGX Spark
CWE ID-CWE-180
Incorrect Behavior Order: Validate Before Canonicalize
CVE-2025-33193
Assigner-NVIDIA Corporation
CVSS Score-5.7 | MEDIUM
EPSS-0.01% / 0.67%
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:59
Updated-02 Dec, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper validation of integrity. A successful exploit of this vulnerability might lead to information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_os; dgx_spark; DGX Spark
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2025-33192
Assigner-NVIDIA Corporation
CVSS Score-5.7 | MEDIUM
EPSS-0.02% / 3.63%
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:58
Updated-02 Dec, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_os; dgx_spark; DGX Spark
CWE ID-CWE-690
Unchecked Return Value to NULL Pointer Dereference
CVE-2025-33191
Assigner-NVIDIA Corporation
CVSS Score-5.7 | MEDIUM
EPSS-0.03% / 6.78%
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:58
Updated-02 Dec, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_os; dgx_spark; DGX Spark
CWE ID-CWE-20
Improper Input Validation
CVE-2025-33190
Assigner-NVIDIA Corporation
CVSS Score-6.7 | MEDIUM
EPSS-0.01% / 2.71%
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:58
Updated-02 Dec, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_os; dgx_spark; DGX Spark
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-33189
Assigner-NVIDIA Corporation
CVSS Score-7.8 | HIGH
EPSS-0.02% / 3.33%
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:58
Updated-02 Dec, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, information disclosure, or escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_os; dgx_spark; DGX Spark
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-33188
Assigner-NVIDIA Corporation
CVSS Score-8 | HIGH
EPSS-0.02% / 3.00%
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:57
Updated-02 Dec, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in hardware resources where an attacker could tamper with hardware controls. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_os, dgx_spark, DGX Spark
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-33187
Assigner-NVIDIA Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.01% / 2.48%
7 Day CHG~0.00%
Published-25 Nov, 2025 | 17:57
Updated-02 Dec, 2025 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, denial of service, or escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_os, dgx_spark, DGX Spark
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-33184
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.33%
7 Day CHG~0.00%
Published-18 Nov, 2025 | 16:57
Updated-19 Nov, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NVIDIA Isaac-GR00T N1.5
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-33183
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.33%
7 Day CHG~0.00%
Published-18 Nov, 2025 | 16:57
Updated-19 Nov, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NVIDIA Isaac-GR00T N1.5
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-33186
Assigner-NVIDIA Corporation
CVSS Score-8.8||HIGH
EPSS-0.05% / 15.07%
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:20
Updated-14 Nov, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability might lead to escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-AuthN component of NVIDIA AIStore
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-33185
Assigner-NVIDIA Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.18%
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:19
Updated-14 Nov, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA AIStore contains a vulnerability in AuthN where an unauthenticated user may cause information disclosure. A successful exploit of this vulnerability may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-AuthN component of NVIDIA AIStore
CWE ID-CWE-862
Missing Authorization
CVE-2025-33202
Assigner-NVIDIA Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 18.67%
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:19
Updated-08 Dec, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack overflow by sending extra-large payloads. A successful exploit of this vulnerability might lead to denial of service.

Action-Not Available
Vendor-NVIDIA Corporation, Microsoft Corporation, Linux Kernel Organization, Inc
Product-triton_inference_server, linux_kernel, windows, Triton Inference Server
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-33178
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.33%
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:18
Updated-11 Dec, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component, where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-nemo, NeMo Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-23361
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.33%
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:18
Updated-11 Dec, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-nemo, NeMo Framework
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')