NVIDIA Merlin Security Update: Fixing High-Severity Vulnerabilities
Red Hot Cyber, the Italian blog on information security

RHC Editorial Team: 15 December 2025 07:06

NVIDIA has released a significant security update for its Merlin framework, addressing several high-severity vulnerabilities. These vulnerabilities could allow attackers to execute malicious code or alter sensitive data within AI recommendation pipelines.

The first vulnerability, identified as CVE-2025-33214, concerns NVTabular. The library offers a broad set of data processing features designed to handle huge datasets, up to terabytes in size, and the flaw lies in its Workflow component.

If left unpatched, this flaw opens the door to a wide range of malicious activity. NVIDIA warns that “successful exploitation of this vulnerability could lead to code execution, denial of service, information disclosure, and data tampering.”

The vulnerabilities in question, rated with a CVSS score of 8.8 (high), arise from insecure deserialization, a common weakness that attackers often exploit to trick applications into running untrusted data as code.
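The following is an added example, not taken from NVIDIA's bulletin or the Merlin code base, showing why deserializing untrusted data is risky and one way a loader can refuse it. It assumes the serialized artifact is a Python pickle, which the bulletin does not state; `ALLOWED_GLOBALS`, `AllowlistUnpickler`, `safe_load`, `is_loadable` and the sample inputs are hypothetical names and constructed data.

```python
import io
import pickle
from collections import OrderedDict

# Assumption: the only importable type a legitimate artifact needs.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global not explicitly allowlisted."""

    def find_class(self, module, name):
        # Called every time the stream asks the loader to import a class
        # or function by name (GLOBAL / STACK_GLOBAL opcodes).
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global: {module}.{name}")
        return super().find_class(module, name)


def safe_load(data: bytes):
    """Deserialize data; raise UnpicklingError on a non-allowlisted global."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


def is_loadable(data: bytes) -> bool:
    """Return True only if the stream loads under the allowlist."""
    try:
        safe_load(data)
        return True
    except pickle.UnpicklingError:
        return False


class ConstructedSample:
    """Constructed, benign stand-in for a tampered artifact: its pickle
    tells the loader to call a function (len) instead of rebuilding data."""

    def __reduce__(self):
        return (len, ("abc",))


# Constructed sample inputs.
PLAIN = pickle.dumps({"columns": ["user_id", "item_id"]})
ORDERED = pickle.dumps(OrderedDict(step=1))
TAMPERED = pickle.dumps(ConstructedSample())

if __name__ == "__main__":
    # Stock loader: the stream, not the application, chose the callable.
    print(pickle.loads(TAMPERED))
    print(is_loadable(PLAIN), is_loadable(ORDERED), is_loadable(TAMPERED))
```

An allowlist narrows what a stream can import but does not make untrusted pickles safe to load in general; verifying the artifact's origin before loading remains the stronger control.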

Data scientists and engineers using NVTabular for preprocessing massive datasets should be aware that an attacker could theoretically compromise the data pipeline or even cause a complete system collapse.

The patches address vulnerabilities in two key components, NVTabular and Transformers4Rec, both running on Linux systems. According to the security bulletin, “NVIDIA NVTabular for Linux contains a vulnerability in the Workflow component, where a user could cause a deserialization issue.”

Another, similar security flaw has been discovered in the Transformers4Rec library, which is used to train Transformer architectures for recommendation systems. This vulnerability (CVE-2025-33213) is located in the Trainer component.

The bulletin states that “NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component that could cause a user to experience a deserialization issue.”

Ensuring that training systems are protected from remote exploitation is essential, making these updates crucial to safeguarding the integrity of work processes in AI and machine learning.
