NVIDIA has issued a dual security warning for developers and data scientists, releasing critical updates for two of its specialized software suites: Nsight Graphics and the Merlin recommender system framework. Both vulnerabilities carry a high-severity CVSS score of 7.8 and expose users to dangerous code injection attacks that could lead to full system compromise.
The flaws affect the very tools used to build the next generation of visual applications and AI models, putting development pipelines at risk.
The first vulnerability, tracked as CVE-2025-33206, strikes at Nsight Graphics, a standalone developer tool used for debugging and profiling graphics applications. The flaw is specific to the Linux version of the software and opens a door for attackers to execute malicious commands.
According to the security bulletin, “NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection”.
If successfully exploited, the consequences are severe. The bulletin warns that a successful attack “might lead to code execution, escalation of privileges, data tampering, and denial of service”. This means an attacker could potentially gain control over a developer’s workstation or crash their critical debugging environment.
The vulnerability affects “All versions prior to NSIGHT Graphics 2025.5” on Linux. Developers are urged to “download and install this software update from the Download NVIDIA NSIGHT Graphics page” to version 2025.5.
The second patch addresses a security hole in NVIDIA Merlin Transformers4Rec, a library used for building recommendation systems with Transformer architectures. Tracked as CVE-2025-33233, this vulnerability spans all platforms and mirrors the severity of the graphics flaw.
“NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause a code injection issue,” the advisory states.
Like the Nsight flaw, this vulnerability allows for a range of malicious outcomes, including “Code Execution, Data Tampering, Information Disclosure, and Escalation of Privileges”. For AI researchers working with sensitive datasets or proprietary models, the risk of information disclosure and data tampering is particularly acute.
This issue affects all versions of the software that do not include a specific security commit. To resolve the issue, users must update to “Any code branch that includes commit 27ddd49”.
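The two remediation statements above translate into two concrete checks a team can run over its own machines and checkouts: is the installed Nsight Graphics older than 2025.5, and does the Transformers4Rec branch in use contain commit 27ddd49. The script below is an added example, not code from NVIDIA or from the advisories. It assumes Nsight Graphics versions are written as "YYYY.N" or "YYYY.N.M" (the bulletin only names 2025.5), that a Transformers4Rec checkout is a git working tree, and that the fix is present exactly when the named commit is an ancestor of HEAD, which it asks git for with `merge-base --is-ancestor`; the repository path is a hypothetical placeholder.

```python
"""Added example (not NVIDIA's or the advisory's code): inventory checks for
the two fixes described in the bulletins.

Assumptions, labelled here and in comments:
- Nsight Graphics for Linux reports its version as "YYYY.N" or "YYYY.N.M";
  the first fixed release is 2025.5 (from the bulletin).
- A Transformers4Rec checkout is fixed when commit 27ddd49 (from the
  bulletin) is an ancestor of HEAD in that git working tree.
"""
import subprocess
from pathlib import Path

NSIGHT_FIXED = (2025, 5)          # "All versions prior to NSIGHT Graphics 2025.5" are affected
T4R_FIX_COMMIT = "27ddd49"        # commit named in the Transformers4Rec advisory


def parse_version(text):
    """Turn '2025.4.1' into (2025, 4, 1).

    Tolerates a leading 'v' and a trailing build tag ('-rc1', '+build');
    anything else is rejected rather than silently compared."""
    core = text.strip().lstrip("v").split("-")[0].split("+")[0]
    parts = []
    for piece in core.split("."):
        if not piece.isdigit():
            raise ValueError(f"unrecognised version string: {text!r}")
        parts.append(int(piece))
    return tuple(parts)


def nsight_needs_update(version_text):
    """True when the installed Nsight Graphics is older than 2025.5."""
    installed = parse_version(version_text)
    # Pad both tuples to the same length so (2025, 5) compares equal to (2025, 5, 0).
    width = max(len(installed), len(NSIGHT_FIXED))

    def pad(t):
        return t + (0,) * (width - len(t))

    return pad(installed) < pad(NSIGHT_FIXED)


def branch_includes_fix(repo, commit=T4R_FIX_COMMIT):
    """Return True if `commit` is an ancestor of HEAD in the checkout at `repo`.

    `git merge-base --is-ancestor` exits 0 when it is, 1 when it is not, and
    non-zero otherwise (unknown commit, not a repository); the last case is
    raised so a missing object is never mistaken for 'not patched'."""
    result = subprocess.run(
        ["git", "-C", str(repo), "merge-base", "--is-ancestor", commit, "HEAD"],
        capture_output=True, text=True, check=False,
    )
    if result.returncode == 0:
        return True
    if result.returncode == 1:
        return False
    raise RuntimeError(result.stderr.strip() or f"git exited {result.returncode}")


if __name__ == "__main__":
    # Constructed sample version strings; replace with the version string
    # reported by the installed Nsight Graphics.
    for v in ["2025.4.1", "2025.5", "2025.5.2", "2024.3"]:
        print(f"Nsight Graphics {v}: {'update needed' if nsight_needs_update(v) else 'patched'}")

    repo = Path("./Transformers4Rec")  # hypothetical checkout path
    if repo.is_dir():
        print("fix commit present:", branch_includes_fix(repo))
```

The ancestry check is deliberately strict: a commit that git cannot resolve raises instead of returning False, so a shallow clone or a fork that never received the commit shows up as "unknown" rather than being reported as unpatched or, worse, patched.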