NVIDIA Merlin Flaws Risk AI Pipeline RCE via Unsafe Deserialization in NVTabular & Transformers4Rec
Ddos 
NVIDIA has issued an important security update for its Merlin framework, patching high-severity vulnerabilities that could allow attackers to execute malicious code or tamper with sensitive data within AI recommendation pipelines. The patches address flaws in two key components—NVTabular and Transformers4Rec—both running on Linux systems.
The vulnerabilities, rated with a Base Score of 8.8 (High), stem from unsafe deserialization, a common weakness that attackers often leverage to trick applications into executing untrusted data as code.
The first vulnerability, tracked as CVE-2025-33214, targets NVTabular, a feature engineering library designed to manipulate terabyte-scale datasets. The issue resides specifically within the software’s Workflow component.
According to the security bulletin, “NVIDIA NVTabular for Linux contains a vulnerability in the Workflow component, where a user could cause a deserialization issue”.
If left unpatched, this flaw opens the door to a wide range of malicious activities. NVIDIA warns that a “successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering”. For data scientists and engineers relying on NVTabular to preprocess massive datasets, this means an attacker could potentially poison the data pipeline or crash the system entirely.
A parallel vulnerability (CVE-2025-33213) was discovered in Transformers4Rec, a library used for training Transformer architectures for recommendation systems. This flaw resides in the Trainer component.
The bulletin states that “NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component where a user may cause a deserialization issue”. Similar to its counterpart, a “successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering”.
NVIDIA has released updated code branches to mitigate these risks. Administrators and developers maintaining Merlin environments on Linux are urged to verify their installations against the following commit hashes:
- For NVTabular (CVE-2025-33214): Update to “Any code branch that includes commit 5dd11f4”.
- For Transformers4Rec (CVE-2025-33213): Update to “Any code branch that includes commit 876f19e”.
These updates are critical for maintaining the integrity of AI/ML workflows, ensuring that the systems training the next generation of recommendation engines remain secure against remote exploitation.
Donate