
NVIDIA Merlin Flaws Permit AI Pipeline RCE via Unsafe Deserialization in NVTabular & Transformers4Rec

  • Dec 15, 2025

Key Findings


  • NVIDIA has issued security updates for its Merlin framework, addressing high-severity vulnerabilities (CVSS 8.8) in two key components: NVTabular and Transformers4Rec.

  • The vulnerabilities stem from unsafe deserialization, which could allow attackers to execute malicious code, tamper with data, or cause denial of service in AI recommendation pipelines.

  • The first flaw (CVE-2025-33214) affects the Workflow component of NVTabular, a feature engineering library for large datasets.

  • The second flaw (CVE-2025-33213) resides in the Trainer component of Transformers4Rec, a library for training Transformer-based recommendation models.

  • NVIDIA has released updated code branches to mitigate these risks, urging administrators and developers to apply the patches immediately.


Background


NVIDIA's Merlin is a comprehensive framework for building and deploying AI-powered recommendation systems. It includes a suite of specialized libraries, such as NVTabular for data preprocessing and Transformers4Rec for model training.


These components are widely used in the industry to build and deploy cutting-edge recommendation engines, often processing terabytes of user data and tasked with making real-time decisions that impact user experiences.


NVTabular Vulnerability (CVE-2025-33214)


  • The vulnerability in NVTabular's Workflow component could allow an attacker to trigger a deserialization issue.

  • A successful exploit could lead to code execution, denial of service, information disclosure, and data tampering within the data preprocessing pipeline.

  • This poses a significant risk for data scientists and engineers relying on NVTabular to prepare massive datasets for model training.


Transformers4Rec Vulnerability (CVE-2025-33213)


  • A similar vulnerability was discovered in the Trainer component of Transformers4Rec, NVIDIA's library for training Transformer-based recommendation models.

  • This flaw also stems from unsafe deserialization and could allow attackers to execute arbitrary code, cause denial of service, disclose information, and tamper with data.

  • The impact of this vulnerability is particularly concerning, as it could undermine the integrity of the recommendation models trained using Transformers4Rec.


Mitigation


  • NVIDIA has released updated code branches to address these vulnerabilities.

  • For NVTabular (CVE-2025-33214), users should update to any code branch that includes commit 5dd11f4.

  • For Transformers4Rec (CVE-2025-33213), users should update to any code branch that includes commit 876f19e.

  • Applying these patches is crucial to maintain the security and integrity of AI/ML workflows relying on the Merlin framework.
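The page does not say which serialization format the affected components use, so the block below is an added example (not NVIDIA's or Merlin's code) that assumes Python pickle, the usual format behind deserialization flaws in ML tooling. It shows two compensating controls a team can run alongside the patched branches: a static scan with `pickletools` that lists every global an artifact would import without executing it (suitable for CI or an artifact store), and a `RestrictedUnpickler` whose `find_class` allow-list refuses anything outside a hypothetical `SAFE_GLOBALS` set. The sample artifacts are constructed inline, and `collections.Counter` stands in for any unapproved global.

```python
"""Added example (not NVIDIA/Merlin code): defensive handling of pickle artifacts."""
import collections
import io
import pickle
import pickletools

# Hypothetical allow-list: the only globals a preprocessing artifact is expected
# to reference. Tune it from a known-good artifact before using it in production.
SAFE_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "set"),
    ("builtins", "tuple"), ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}


def referenced_globals(data: bytes) -> list:
    """Statically list every module.name the pickle would import, without running it.

    GLOBAL (protocol <= 3) carries "module name" inline. STACK_GLOBAL (protocol 4+)
    consumes the two strings pushed just before it, which may arrive through memo
    GET ops, so a small memo model is kept. pickletools only disassembles; nothing
    in the artifact is executed.
    """
    found, memo, pushed = [], {}, []
    last = None           # most recent pushed value, if it was a string
    memoize_count = 0     # MEMOIZE stores at memo[len(memo)]
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            last = arg
            pushed.append(arg)
        elif op.name in GET_OPS:
            last = memo.get(arg)
            if last is not None:
                pushed.append(last)
        elif op.name == "MEMOIZE":
            memo[memoize_count] = last
            memoize_count += 1
        elif op.name in PUT_OPS:
            memo[arg] = last
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
            last = None
        elif op.name == "STACK_GLOBAL":
            if len(pushed) >= 2:
                name, module = pushed.pop(), pushed.pop()
                found.append((module, name))
            last = None
        else:
            last = None
    return found


def unapproved_globals(data: bytes) -> list:
    """Detection: globals the artifact references that are outside SAFE_GLOBALS."""
    return [g for g in referenced_globals(data) if g not in SAFE_GLOBALS]


class RestrictedUnpickler(pickle.Unpickler):
    """Loader that refuses to resolve any global outside SAFE_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def try_restricted_load(data: bytes):
    """Return (True, obj) on success, or (False, reason) when loading is refused."""
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample artifacts (not real Merlin files).
BENIGN_ARTIFACT = pickle.dumps(
    {"cat_columns": ["user_id", "item_id"], "min_freq": 5}, protocol=4)
# Counter itself is harmless; it is simply a global outside the allow-list, so it
# stands in for "an artifact that asks the loader to import and call something".
RISKY_ARTIFACT_P4 = pickle.dumps(collections.Counter("aab"), protocol=4)
RISKY_ARTIFACT_P2 = pickle.dumps(collections.Counter("aab"), protocol=2)

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN_ARTIFACT),
                        ("risky-p4", RISKY_ARTIFACT_P4),
                        ("risky-p2", RISKY_ARTIFACT_P2)]:
        print(label, "unapproved:", unapproved_globals(blob),
              "load:", try_restricted_load(blob))
```

Both controls fail closed on protocol 2 (`GLOBAL`) and protocol 4 (`STACK_GLOBAL`) encodings. A real Workflow or Trainer checkpoint legitimately references library classes, so the allow-list has to be derived from a static inventory of a known-good artifact rather than guessed; the static scan is what makes that inventory possible without loading anything. The patched branches remain the actual fix.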


Sources


  • https://securityonline.info/nvidia-merlin-flaws-risk-ai-pipeline-rce-via-unsafe-deserialization-in-nvtabular-transformers4rec/

  • https://x.com/the_yellow_fall/status/2000397103416397847
