CVE-2025-33233_CVE-2025-33233

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Basic Information

ID CVE-2025-33233

Source nvidia

Published Jan 20, 2026 at 17:43

Affected Product

Vendor NVIDIA

Product Merlin Transformers4Rec

Version All code branches that do not include commit 27ddd49

Affected Versions NVIDIA Merlin Transformers4Rec All code branches that do not include commit 27ddd49

CWE Classification

CWE-94

References

{
    "lastseen": "",
    "description": "NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.",
    "published": "2026-01-20T17:43:38.169Z",
    "modified": "2026-01-20T17:43:38.169Z",
    "type": "cve",
    "title": "CVE-2025-33233",
    "source": "nvidia",
    "references": "https://nvd.nist.gov/vuln/detail/CVE-2025-33233\nhttps://www.cve.org/CVERecord?id=CVE-2025-33233\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/5761",
    "id": "CVE-2025-33233",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "NVIDIA Merlin Transformers4Rec All code branches that do not include commit 27ddd49",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Merlin Transformers4Rec",
    "version": "All code branches that do not include commit 27ddd49",
    "vendor": "NVIDIA",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}