CVE-2025-33233: NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection.
Summary
NVIDIA Merlin Transformers4Rec contains a code injection vulnerability (CWE-94, a weakness where attackers can trick software into running malicious code) that could let attackers execute arbitrary code, gain elevated permissions, steal information, or modify data. The vulnerability affects all platforms running this software. A CVSS severity score has not yet been assigned by NIST.
Vulnerability Details
7.8(high)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2024-5452: A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to im
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-33233
First tracked: February 15, 2026 at 08:47 PM
Classified by LLM (prompt v3) · confidence: 92%