Severity
High
Analysis Summary
CVE-2025-33235 CVSS:7.8
NVIDIA Resiliency Extension for Linux contains a vulnerability in the checkpointing core, where an attacker may cause a race condition. A successful exploit of this vulnerability might lead to information disclosure, data tampering, denial of service, or escalation of privileges.
CVE-2025-33225 CVSS:8.4
NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.
CVE-2025-33226 CVSS:7.8
NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Impact
- Denial of Service
- Code Execution
- Privilege Escalation
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-33235
CVE-2025-33225
CVE-2025-33226
Affected Vendors
- NVIDIA
Affected Products
- NVIDIA Resiliency Extension 0.5.0 - 0.4.1
- NVIDIA NeMo Framework 2.5.3
Remediation
Refer to NVIDIA Security Advisory for patch, upgrade, or suggested workaround information.