What is the CVSS score of CVE-2025-33247?

CVE-2025-33247 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.3%.

Which versions of Nvidia are affected by CVE-2025-33247?

NVIDIA Megatron LM contains a critical remote code execution vulnerability affecting all versions, with no patch currently available.

How to fix or mitigate CVE-2025-33247?

Within 24 hours: Inventory all systems running NVIDIA Megatron LM and isolate them from untrusted networks; notify affected teams and establish incident response readiness. Within 7 days: Implement network segmentation to restrict access to Megatron LM systems to authorized personnel only and disable quantization configuration loading if not operationally critical. Within 30 days: Monitor NVIDIA security advisories for patch availability, evaluate migration to alternative frameworks if vendor patch timeline exceeds acceptable risk tolerance, and conduct security assessment of all affected systems.

Nvidia CVE-2025-33247

EUVD-2025-208974 HIGH

Deserialization of Untrusted Data (CWE-502)

2026-03-24 nvidia

GHSA-qm3j-hh5g-jmq2

RCE Information Disclosure Nvidia Deserialization

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 24, 2026 - 20:31 euvd

EUVD-2025-208974

Analysis Generated

Mar 24, 2026 - 20:31 vuln.today

CVE Published

Mar 24, 2026 - 20:23 nvd

HIGH 7.8

DescriptionCVE.org

NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

AnalysisAI

NVIDIA Megatron LM contains an insecure deserialization vulnerability (CWE-502) in its quantization configuration loading mechanism that enables remote code execution. Attackers with local access and low privileges can exploit this flaw to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. The vulnerability has a CVSS score of 7.8 and affects all versions of NVIDIA Megatron LM based on available CPE data.

Technical ContextAI

NVIDIA Megatron LM is a large-scale transformer model training framework used for natural language processing tasks. The vulnerability stems from unsafe deserialization (CWE-502) during the loading of quantization configuration files. Insecure deserialization occurs when untrusted data is used to reconstruct objects without proper validation, allowing attackers to inject malicious serialized objects that execute arbitrary code when deserialized. The affected product is identified via CPE as cpe:2.3:a:nvidia:megatron_lm:*:*:*:*:*:*:*:*, indicating all current versions are vulnerable. Quantization is a model compression technique, and the configuration loading process for this feature appears to lack input validation, creating an attack surface where malicious configuration files can be crafted to exploit the deserialization mechanism.

RemediationAI

Consult the official NVIDIA security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5769 for patches and updated versions of Megatron LM that address this deserialization vulnerability. Until patching is completed, implement defense-in-depth controls including restricting access to quantization configuration files through file system permissions, validating and sanitizing all configuration inputs before processing, limiting local system access to only trusted users, and monitoring for suspicious configuration file modifications or unexpected process behavior. Organizations should also review access controls on systems running Megatron LM and implement principle of least privilege to reduce the attack surface, as the vulnerability requires local authenticated access to exploit.