Platform
nvidia
Component
nemo-agent-toolkit
Opgelost in
1.3.1
CVE-2025-33203 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in the NVIDIA NeMo Agent Toolkit UI for Web. This flaw allows an attacker to potentially trigger unintended requests to internal or external resources, leading to information disclosure or denial-of-service conditions. The vulnerability impacts all versions of the UI prior to 1.3.0, and a patch is available in version 1.3.0.
The SSRF vulnerability in NVIDIA NeMo Agent Toolkit UI for Web allows an attacker to craft malicious requests through the chat API endpoint. This can be exploited to access internal resources that are not directly accessible from the outside, potentially exposing sensitive data such as configuration files, internal API endpoints, or even cloud metadata. Successful exploitation could also lead to a denial-of-service by overwhelming the server with requests or targeting internal services. While the description doesn't specify a direct path to code execution, the ability to make arbitrary requests opens the door to reconnaissance and potential exploitation of other vulnerabilities within the targeted environment.
CVE-2025-33203 was publicly disclosed on 2025-11-25. There is no indication of active exploitation or inclusion in the CISA KEV catalog at this time. Public proof-of-concept (POC) code is currently unavailable, but the SSRF nature of the vulnerability makes it likely that a POC will be developed and shared in the future. The NVD entry provides further details.
Organizations deploying NVIDIA NeMo Agent Toolkit UI for Web in environments with sensitive internal resources are at risk. Specifically, deployments that expose internal APIs or services through the UI are particularly vulnerable. Shared hosting environments where multiple users share the same instance of the toolkit could also be affected, as an attacker could potentially exploit the vulnerability on behalf of another user.
• linux / server:
journalctl -u nemotoolkitui -g "SSRF attempt"• generic web:
curl -I 'http://<nemotoolkitui_ip>/chat/api?url=http://169.254.169.254/latest/meta-data/'• generic web:
grep -i 'ssrf' /var/log/nginx/access.logdisclosure
Exploit Status
EPSS
0.05% (15% percentiel)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2025-33203 is to upgrade to NVIDIA NeMo Agent Toolkit UI for Web version 1.3.0 or later, which contains the fix. If immediate upgrading is not feasible, consider implementing input validation and sanitization on the chat API endpoint to restrict the URLs that can be accessed. Deploying a Web Application Firewall (WAF) with SSRF protection rules can also help block malicious requests. Regularly review and update firewall rules to reflect the latest threat intelligence.
Werk NVIDIA NeMo Agent Toolkit UI for Web bij naar versie 1.3.0 of hoger. Deze versie bevat de correctie voor de Server-Side Request Forgery (SSRF) kwetsbaarheid in de chat API endpoint. De update zal het risico op informatie openbaarmaking en denial of service verminderen.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
CVE-2025-33203 is a Server-Side Request Forgery vulnerability in NVIDIA NeMo Agent Toolkit UI for Web versions before 1.3.0, allowing attackers to trigger unintended requests and potentially expose sensitive data.
If you are using NVIDIA NeMo Agent Toolkit UI for Web versions prior to 1.3.0, you are potentially affected by this SSRF vulnerability.
Upgrade to NVIDIA NeMo Agent Toolkit UI for Web version 1.3.0 or later to resolve the vulnerability. Consider input validation as a temporary workaround.
There is currently no public information indicating active exploitation of CVE-2025-33203, but the SSRF nature of the vulnerability makes it a potential target.
Refer to the NVIDIA security advisory for detailed information and updates regarding CVE-2025-33203: [https://nvidia.github.io/security-bulletins/](https://nvidia.github.io/security-bulletins/)
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.