CVE-2025-33233
Description
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NVIDIA Merlin Transformers4Rec contains a code injection vulnerability that could allow an attacker to execute arbitrary code, escalate privileges, or tamper with data.
Vulnerability in NVIDIA Merlin Transformers4Rec allows code injection due to improper handling of untrusted input. An attacker can inject malicious code that is executed in the context of the application, leading to arbitrary code execution, privilege escalation, information disclosure, or data tampering [1]. The vulnerability affects all platforms where Transformers4Rec is deployed.
Exploitation requires some level of access or ability to supply crafted input to the vulnerable component. The exact attack vector is not detailed in the public advisory, but the impact is severe, with a CVSS v3 base score of 7.8, indicating high severity [1].
Successful exploitation could allow an attacker to gain full control over the affected system, access sensitive data, or modify critical information. The vulnerability is particularly concerning in environments where Transformers4Rec is used in production pipelines for recommendation systems.
NVIDIA has not yet released a patch or mitigation details. Users should monitor the official NVIDIA security bulletin for updates and apply any recommended fixes as soon as they become available [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0): No patches discovered yet.
References (3)
News mentions (0): No linked articles in our index yet.