top of page

NVIDIA Merlin Flaws Permit AI Pipeline RCE via Unsafe Deserialization in NVTabular & Transformers4Rec

  • Dec 15, 2025
  • 2 min read

Key Findings


  • NVIDIA has issued critical security updates for its Merlin framework, addressing high-severity vulnerabilities (CVSS 8.8) in two key components: NVTabular and Transformers4Rec.

  • The vulnerabilities stem from unsafe deserialization, which could allow attackers to execute malicious code, tamper with data, or cause denial of service in AI recommendation pipelines.

  • The first flaw (CVE-2025-33214) affects the Workflow component of NVTabular, a feature engineering library for large datasets.

  • The second flaw (CVE-2025-33213) resides in the Trainer component of Transformers4Rec, a library for training Transformer-based recommendation models.

  • NVIDIA has released updated code branches to mitigate these risks, urging administrators and developers to apply the patches immediately.


Background


NVIDIA's Merlin is a comprehensive framework for building and deploying AI-powered recommendation systems. It includes a suite of specialized libraries, such as NVTabular for data preprocessing and Transformers4Rec for model training.


These components are widely used in the industry to build and deploy cutting-edge recommendation engines, often processing terabytes of user data and tasked with making real-time decisions that impact user experiences.


NVTabular Vulnerability (CVE-2025-33214)


  • The vulnerability in NVTabular's Workflow component could allow an attacker to trigger a deserialization issue.

  • A successful exploit could lead to code execution, denial of service, information disclosure, and data tampering within the data preprocessing pipeline.

  • This poses a significant risk for data scientists and engineers relying on NVTabular to prepare massive datasets for model training.


Transformers4Rec Vulnerability (CVE-2025-33213)


  • A parallel vulnerability was discovered in the Trainer component of Transformers4Rec, NVIDIA's library for training Transformer-based recommendation models.

  • This flaw also stems from unsafe deserialization and could allow attackers to execute arbitrary code, cause denial of service, disclose information, and tamper with data.

  • The impact of this vulnerability is particularly concerning, as it could undermine the integrity of the recommendation models trained using Transformers4Rec.


Mitigation


  • NVIDIA has released updated code branches to address these vulnerabilities.

  • For NVTabular (CVE-2025-33214), users should update to any code branch that includes commit 5dd11f4.

  • For Transformers4Rec (CVE-2025-33213), users should update to any code branch that includes commit 876f19e.

  • Applying these patches is crucial to maintain the security and integrity of AI/ML workflows relying on the Merlin framework.


Sources


  • https://securityonline.info/nvidia-merlin-flaws-risk-ai-pipeline-rce-via-unsafe-deserialization-in-nvtabular-transformers4rec/

  • https://x.com/the_yellow_fall/status/2000397103416397847

Recent Posts

See All

Comments


  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page