NVIDIA has released urgent security patches for its Merlin machine learning framework after discovering two high-severity deserialization vulnerabilities that could enable attackers to execute malicious code, trigger denial-of-service attacks, and compromise sensitive data on Linux systems.
The security bulletin, published on December 9, 2025, identifies critical flaws in the NVTabular and Transformers4Rec components of NVIDIA Merlin, a widely used open-source framework for building large-scale recommender systems.
Both vulnerabilities carry CVSS base scores of 8.8, classified as “High” severity, and exploit insecure deserialization mechanisms that attackers can leverage remotely with minimal complexity.
Deserialization Flaws Enable Multiple Attack Vectors
CVE-2025-33214 affects the Workflow component in NVIDIA NVTabular, while CVE-2025-33213 targets the Trainer component in Merlin Transformers4Rec.
Both vulnerabilities stem from CWE-502 (Deserialization of Untrusted Data), allowing threat actors to manipulate serialized objects and inject malicious payloads.
Successful exploitation requires user interaction but no authentication, enabling attackers to achieve code execution, escalate privileges, disclose confidential information, and tamper with critical data.
The network-based attack vector (AV:N) means these flaws can be exploited remotely, significantly expanding the potential attack surface for organizations deploying Merlin in production environments.
NVIDIA urges all Merlin users to update their installations immediately by cloning or pulling the latest commits from the official GitHub repositories.
For NVTabular, users must update to commit 5dd11f4 or later; for Transformers4Rec, commit 876f19e or later is required. All versions before these commits remain vulnerable and should be considered at risk.
The vulnerabilities were responsibly disclosed by security researcher blazingwind, who received acknowledgment from NVIDIA’s Product Security Incident Response Team (PSIRT).
Organizations using NVIDIA Merlin for recommendation engines, personalization systems, or AI-driven analytics should prioritize patching to prevent potential data breaches and service disruptions.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.