CVE-2025-23298_CVE-2025-23298

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Basic Information

ID CVE-2025-23298

Source nvidia

Published Aug 13, 2025 at 17:28

Modified Aug 13, 2025 at 18:05

Affected Product

Vendor NVIDIA

Product NVIDIA Merlin Transformers4Rec

Version All versions that do not include code commit b7eaea5

Affected Versions NVIDIA NVIDIA Merlin Transformers4Rec All versions that do not include code commit b7eaea5

CWE Classification

CWE-94

References

{
    "lastseen": "",
    "description": "NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.",
    "published": "2025-08-13T17:28:53.506Z",
    "modified": "2025-08-13T18:05:43.018Z",
    "type": "cve",
    "title": "CVE-2025-23298",
    "source": "nvidia",
    "references": "https://nvd.nist.gov/vuln/detail/CVE-2025-23298\nhttps://www.cve.org/CVERecord?id=CVE-2025-23298\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/5683",
    "id": "CVE-2025-23298",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "NVIDIA NVIDIA Merlin Transformers4Rec All versions that do not include code commit b7eaea5",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NVIDIA Merlin Transformers4Rec",
    "version": "All versions that do not include code commit b7eaea5",
    "vendor": "NVIDIA",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}