Official Updated 11/26/2025

Preface: AI vision models are artificial intelligence systems, often multimodal (Vision-Language Models or VLMs), that analyze and interpret visual data (images, videos) alongside text, enabling them to “see” and understand the world like humans, performing tasks from object recognition and image captioning to answering questions about visuals and generating new images, by converting visual info into a format comparable to text.

Background: You use NVIDIA TAO (Train, Adapt, Optimize) to rapidly build, customize, and deploy high-performance, domain-specific AI models (especially for vision) with less code, less data, and faster training by leveraging powerful pre-trained foundation models, fine-tuning them with your own data, and optimizing them for efficient inference on edge-to-cloud devices, saving significant time and resources.

The NVIDIA TAO Toolkit is designed to function with both real and synthetic data.

Training with Real Data: The primary function of the TAO Toolkit is to fine-tune NVIDIA’s extensive library of pretrained foundation models using your own proprietary (real-world) datasets. This process is low-code and enables the customization of models for specific use cases without needing deep AI expertise or training from scratch.

Leveraging Synthetic Data: Synthetic data is often used to address the challenges associated with real data collection, such as scarcity, expensive labeling, and rare edge cases.

Models can be initially trained on large volumes of synthetic data generated from tools like NVIDIA Omniverse Replicator or partner platforms (e.g., Sky Engine AI, AI. Reverie, Lexset).

Vulnerability details: (CVE-2025-33208) NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclosure

Official announcement: Please refer to the link for more details.

https://nvidia.custhelp.com/app/answers/detail/a_id/5730

Official Update 11/21/2025 04:36 PM

Preface: NeMo Curator is a Python library that includes a suite of modules for data-mining and synthetic data generation. They are scalable and optimized for GPUs, making them ideal for curating natural language data to train or fine-tune LLMs. With NeMo Curator, researchers in Natural Language Processing (NLP) can efficiently extract high-quality text from extensive raw web data sources.

NVIDIA NeMo Curator, particularly its image curation modules, requires a CUDA-enabled NVIDIA GPU and the corresponding CUDA Toolkit. The CUDA Toolkit is not installed as part of the NeMo Curator installation process itself, but rather is a prerequisite for utilizing GPU-accelerated features.

Background: NeMo Framework includes NeMo Curator because high-quality data is essential for training accurate generative AI models, and Curator provides a scalable, GPU-accelerated toolset for processing and preparing large datasets efficiently. It handles everything from cleaning and deduplicating text to generating synthetic data for model customization and evaluation, preventing data processing from becoming a bottleneck.

Potential risks under observation: The vulnerability arises when malicious files—such as JSONL files—are loaded by NeMo Curator. If these files are crafted to exploit weaknesses in how NeMo Curator parses or processes them, they can inject executable code.

Ref: Parser is related to predefined variables, as it can either parse data into variables or use predefined variables to perform its task.

Vulnerability details:

CVE-2025-33204         NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVE-2025-33205         NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. A successful exploit of this vulnerability may lead to code execution.

Official announcement: Please refer to the link for details –

https://nvidia.custhelp.com/app/answers/detail/a_id/5729

Preface: While web vulnerabilities can lead to various cyberattacks, they don’t directly or exclusively cause ransomware attacks. CSRF attacks exploit the trust a website has in a user’s browser to perform unauthorized actions on that website, while ransomware involves malware that encrypts a user’s system and demands payment.

Background: The official frontend user interface component for NeMo Agent Toolkit, an open-source library for building AI agents and workflows.

Prerequisites

• NeMo Agent Toolkit installed and configured
• Git
• Node.js (v18 or higher)
• npm or Docker

While Node.js v18 itself doesn’t inherently prevent or cause CSRF, it’s crucial to implement proper CSRF protection in your Node.js applications built with this version. Node.js v18 is now End-of-Life (EOL), meaning it no longer receives security updates, which makes implementing robust security measures even more critical.

Vulnerability details: CVE-2025-33203 – NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service.

Affected Products:      NeMo Agent ToolKit  

Platforms or OS: All platforms

Affected Product: NeMo Agent ToolKit

Affected Versions: All versions prior to 1.3.0

Updated Version: 1.3.0

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5726

Updated 11/21/2025 04:36 PM

Preface: NVIDIA DGX Spark will be used by AI developers, researchers, and data scientists who need to prototype and deploy large AI models on their desktop, including those working with agentic AI, LLMs, and robotics.

The NVIDIA DGX Secure Root of Trust (SRoT), more commonly referred to as the Hardware Root of Trust (HRoT), is a foundational security component embedded in the system’s hardware, including the main GPUs and the BlueField Data Processing Units (DPUs).

The term “NVIDIA DGX SROOT” refers to the Secure Root of Trust (SROOT) firmware component within the NVIDIA DGX Spark personal AI supercomputer. It is a security feature designed to ensure the integrity of the system’s secure boot process and certificate management.

Background: The DGX Spark runs on NVIDIA DGX OS, a customized Ubuntu Linux distribution that includes a full-stack NVIDIA AI software ecosystem. The NVIDIA GB10 is a Superchip that integrates separate CPU and GPU dies in a single package, and the operating system is not embedded within the CPU die itself. Instead, the OS is installed on external NVMe storage, and the system uses unified memory accessible by both dies.

The OS and related software stack are stored on external NVMe solid-state drives (SSDs), not on the CPU die. The DGX Spark workstation typically includes up to 4 TB of NVMe storage.

However, Nvidia SROOT is an internal firmware element located in the Nvidia DGX Spark GB10 systems. It is a specific firmware component that runs on the system’s hardware.

Vulnerability details: CVE-2025-33187 – NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, denial of service, or escalation of privileges.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2025-33187