CVE 8.8 HIGH

CVE-2025-33213_CVE-2025-33213

December 9, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

AI Analysis

Deserialization vulnerability in NVIDIA Merlin Transformers4Rec allowing code execution, denial of service, information disclosure, and data tampering

Basic Information

ID CVE-2025-33213

Source nvidia

Published Dec 9, 2025 at 17:48

Affected Product

Vendor NVIDIA

Product Merlin Transformers4Rec

Version All versions that do not include commit 876f19e

Affected Versions NVIDIA Merlin Transformers4Rec All versions that do not include commit 876f19e

CWE Classification

CWE-502

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor NVIDIA

Product Merlin Transformers4Rec

Version All versions that do not include commit 876f19e

References

{
    "lastseen": "",
    "description": "NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.",
    "published": "2025-12-09T17:48:47.438Z",
    "modified": "2025-12-09T17:48:47.438Z",
    "type": "cve",
    "title": "CVE-2025-33213",
    "source": "nvidia",
    "references": "https://nvd.nist.gov/vuln/detail/CVE-2025-33213\nhttps://www.cve.org/CVERecord?id=CVE-2025-33213\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/5739",
    "id": "CVE-2025-33213",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "NVIDIA Merlin Transformers4Rec All versions that do not include commit 876f19e",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Merlin Transformers4Rec",
    "version": "All versions that do not include commit 876f19e",
    "vendor": "NVIDIA",
    "ai_description": "Deserialization vulnerability in NVIDIA Merlin Transformers4Rec allowing code execution, denial of service, information disclosure, and data tampering",
    "ai_severity": "High",
    "ai_vendor": "NVIDIA",
    "ai_product": "Merlin Transformers4Rec",
    "ai_version": "All versions that do not include commit 876f19e",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply