Platform: nvidia
Component: nemo-agent-toolkit
Fixed in: 1.3.1
CVE-2025-33203 describes a Server-Side Request Forgery (SSRF) vulnerability in the NVIDIA NeMo Agent Toolkit UI for Web. The flaw lets an attacker trigger unintended requests to internal or external resources, leading to information disclosure or denial-of-service conditions. It affects all versions of the UI prior to 1.3.0; a patch is available in version 1.3.0.
The SSRF vulnerability in NVIDIA NeMo Agent Toolkit UI for Web lets an attacker craft requests through the chat API endpoint so that the server itself fetches resources it can reach but the attacker cannot, potentially exposing sensitive data such as configuration files, internal API endpoints, or cloud metadata. It can also be abused for denial of service, either by flooding the server with requests or by directing them at internal services. The description does not indicate a direct path to code execution, but server-side requests made on an attacker's behalf enable reconnaissance and may expose other vulnerabilities within the targeted environment.
CVE-2025-33203 was publicly disclosed on 2025-11-25. There is no indication of active exploitation or inclusion in the CISA KEV catalog at this time. Public proof-of-concept (POC) code is currently unavailable, but the SSRF nature of the vulnerability makes it likely that a POC will be developed and shared in the future. The NVD entry provides further details.
Exploit Status
EPSS: 0.05% (15th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-33203 is to upgrade to NVIDIA NeMo Agent Toolkit UI for Web version 1.3.0 or later, which contains the fix. If an immediate upgrade is not feasible, restrict the URLs the chat API endpoint will fetch by validating and sanitising its input. Deploying a Web Application Firewall (WAF) with SSRF protection rules can also help block malicious requests. Regularly review and update firewall rules to reflect the latest threat intelligence.
Update NVIDIA NeMo Agent Toolkit UI for Web to version 1.3.0 or later. This version contains the fix for the Server-Side Request Forgery (SSRF) vulnerability in the chat API endpoint. The update will mitigate the risk of information disclosure and denial of service.
CVE-2025-33203 is a Server-Side Request Forgery vulnerability in NVIDIA NeMo Agent Toolkit UI for Web versions before 1.3.0, allowing attackers to trigger unintended requests and potentially expose sensitive data.
If you are using NVIDIA NeMo Agent Toolkit UI for Web versions prior to 1.3.0, you are potentially affected by this SSRF vulnerability.
Upgrade to NVIDIA NeMo Agent Toolkit UI for Web version 1.3.0 or later to resolve the vulnerability. Consider input validation as a temporary workaround.
There is currently no public information indicating active exploitation of CVE-2025-33203, but the SSRF nature of the vulnerability makes it a potential target.
Refer to the NVIDIA security advisory for detailed information and updates regarding CVE-2025-33203: [https://nvidia.github.io/security-bulletins/](https://nvidia.github.io/security-bulletins/)