CVE-2025-33213NVD

Vulnerability Summary

NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

Severity Level

HIGH(8.8)

Published Date

Dec 9, 2025

Last Modified

Dec 9, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-502: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://nvd.nist.gov/vuln/detail/CVE-2025-33213
https://nvidia.custhelp.com/app/answers/detail/a_id/5739
https://www.cve.org/CVERecord?id=CVE-2025-33213

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-33213NVD

Vulnerability Summary

External References