CVE-2025-33249 Detail Description NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. Metrics CVSS 3.x Severity and Vector Strings: CNA Base Score: 7.8 (High) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H References to Advisories, Solutions, and Tools NVD Page - NVIDIA Corporation NVIDIA Advisory - Vendor Advisory CVE.org Record - Third Party Advisory Weakness Enumeration CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') Known Affected Software Configurations cpe:2.3:a:nvidia:nemo::::::::: up to (excluding) 2.6.1 Quick Info CVE Dictionary Entry: CVE-2025-33249 NVD Published Date: 02/18/2026 NVD Last Modified: 02/20/2026 Source: NVIDIA Corporation