AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-33233: NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection.

highvulnerability

security

Source: NVD/CVE DatabaseJanuary 20, 2026CVE-2025-33233

Summary

NVIDIA Merlin Transformers4Rec contains a code injection vulnerability (CWE-94, a weakness where attackers can trick software into running malicious code) that could let attackers execute arbitrary code, gain elevated permissions, steal information, or modify data. The vulnerability affects all platforms running this software. A CVSS severity score has not yet been assigned by NIST.