HIGH · CVE-2025-23298 · CVSS 7.8

CVE-2025-23298: Code Injection in NVIDIA Merlin Transformers4Rec

Platform

nvidia

Component

transformers4rec

Fixed in

7.0.1

AI Confidence: high · NVD · EPSS 0.0% · Reviewed: May 2026

CVE-2025-23298 describes a code injection vulnerability in NVIDIA Merlin Transformers4Rec, a library for building and deploying transformer-based recommendation models. Successful exploitation allows an attacker with local, low-privileged access to execute arbitrary code in the context of the Transformers4Rec process, potentially leading to privilege escalation, information disclosure, and data manipulation. NVIDIA identifies the affected range as all builds that do not include code commit b7eaea5; upgrading to a build containing that commit (listed on this page as release 7.0.1) resolves the issue.

Impact and Attack Scenarios

The code injection vulnerability in NVIDIA Merlin Transformers4Rec carries a CVSS 3.1 base score of 7.8. The vector (AV:L, PR:L, UI:N) means the attacker needs an existing local, low-privileged foothold on the host where the library runs, and no victim interaction is required. From that foothold, injected code runs with the privileges of the Transformers4Rec process: the attacker can read credentials, keys and data the process can reach, modify or replace recommendation models, or disrupt the service. The impact is amplified when Transformers4Rec is deployed in a production environment that handles sensitive user data or business-critical pipelines, since tampered recommendation models can be used to steer user behaviour and cause financial loss.

Exploitation Context

CVE-2025-23298 was publicly disclosed on 2025-08-13. As of this review the EPSS score is 0.03% (7th percentile), no public proof-of-concept exploit is known, and the CVE is not listed in the CISA KEV catalog. The local attack vector rules out internet-scale opportunistic exploitation, but any low-privileged user or compromised workload on the same host satisfies the preconditions, so the issue should be patched on its own merits rather than deprioritised on the strength of the EPSS figure alone.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: Low

EPSS

0.03% (7th percentile)

CISA SSVC

Exploitation: none
Automatable: no
Technical Impact: total

CVSS Vector

CVSS 3.1 base score: 7.8 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Local (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: Low (authentication level needed to attack)
User Interaction: None (whether a victim must take action)
Scope: Unchanged (impact beyond the vulnerable component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)

Source: nextguardhq.com, CVSS v3.1 base score
What do these metrics mean?
Attack Vector
Local — attacker needs a local shell or interactive session on the system.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
Low — any valid user account is sufficient. Basic authenticated access required.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability
High — complete crash or resource exhaustion. Full denial of service.

Affected Software

Component: transformers4rec
Vendor: NVIDIA
Affected range: All versions that do not include code commit b7eaea5
Fixed in: 7.0.1

Timeline

  1. Reserved
  2. Published (2025-08-13)
  3. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2025-23298 is to upgrade to a build of NVIDIA Merlin Transformers4Rec that includes code commit b7eaea5. This page lists 7.0.1 as the fixed release, but the NVIDIA advisory identifies the fix by commit rather than by version number, so confirm the release you deploy actually contains that commit. If an immediate upgrade is not feasible because of compatibility or deployment constraints, reduce the attack surface that the vector implies: the attack is local, so isolate the affected instances and restrict which accounts and workloads can run on those hosts; run the Transformers4Rec process under a dedicated, least-privileged account so injected code gains as little as possible; and review and restrict the inputs the library consumes, accepting them only from controlled sources, which offers a limited but real layer of defense. A WAF rule is unlikely to help, since the vulnerable path is not reached through web traffic. Monitor process and system logs for unexpected child processes or other signs of code execution by the Transformers4Rec process.

How to fix

Update NVIDIA Merlin Transformers4Rec to a version that includes commit b7eaea5 or later. This resolves the code injection vulnerability. Consult the release notes and upgrade instructions provided by NVIDIA.
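The following script is an added example for the "Am I affected" question raised by the Mitigation and How to fix sections; it is not code from NVIDIA or the Transformers4Rec project. It checks the installed transformers4rec distribution and a requirements file against the fixed version stated on this page (FIXED_VERSION is an assumption taken from the "Fixed in" field; confirm it against the NVIDIA bulletin, because the advisory identifies the fix by commit b7eaea5). For source checkouts, commit_included() asks git whether that commit is an ancestor of HEAD. SAMPLE_REQUIREMENTS is constructed for the example.

```python
"""Check whether an installed or pinned transformers4rec predates the fix for
CVE-2025-23298.

Added example, not code from NVIDIA or the Transformers4Rec project.
Assumptions: FIXED_VERSION is the "Fixed in" value shown on this page; the
NVIDIA advisory identifies the fix by commit b7eaea5, so confirm the release
number against the bulletin before relying on it, and for source checkouts use
commit_included() instead. SAMPLE_REQUIREMENTS is constructed for the example.
"""
import re
import subprocess
from importlib import metadata
from typing import List, Optional, Tuple

PACKAGE = "transformers4rec"
FIXED_VERSION = "7.0.1"   # assumption: taken from this page's "Fixed in" field
FIX_COMMIT = "b7eaea5"    # from the NVIDIA advisory as quoted on this page

# One requirement line: name, optional extras, optional operator and version.
_REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"   # distribution name
    r"(?:\[[^\]]*\])?\s*"                      # optional extras, e.g. [nvtabular]
    r"(?P<op>===|==|~=|>=|<=|!=|<|>)?\s*"
    r"(?P<ver>[0-9][0-9A-Za-z.]*)?"
)


def parse_version(text: str) -> Tuple[int, ...]:
    """'7.0.1' -> (7, 0, 1, 0, 0). Numeric parts are padded to four places;
    the last element is -1 when a non-numeric tag (rc1, dev0, post1) is present,
    so any tagged build sorts below the plain release. That is conservative:
    post-releases get flagged too, which errs toward reporting, not hiding."""
    nums: List[int] = []
    tag = 0
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            tag = -1
            break
        nums.append(int(m.group()))
        if m.end() != len(piece):      # e.g. '1rc1': number followed by a tag
            tag = -1
            break
    nums = (nums + [0, 0, 0, 0])[:4]
    return tuple(nums) + (tag,)


def is_vulnerable(version: str) -> bool:
    """True when `version` sorts below FIXED_VERSION."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def check_installed() -> Tuple[str, Optional[str]]:
    """Inspect the running environment: ('absent', None), ('vulnerable', v)
    or ('fixed', v)."""
    try:
        v = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return ("absent", None)
    return ("vulnerable" if is_vulnerable(v) else "fixed", v)


def find_vulnerable_pins(requirements: str) -> List[Tuple[int, str]]:
    """Scan requirements.txt / `pip freeze` text. Returns (line_no, line) for
    transformers4rec entries that are pinned below the fix, or that carry no
    lower bound at or above it (the resolver may then pick an old release)."""
    hits = []
    for n, raw in enumerate(requirements.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _REQ_RE.match(line)
        if not m:
            continue
        name = m.group("name").lower().replace("_", "-").replace(".", "-")
        if name != PACKAGE:
            continue
        op, ver = m.group("op"), m.group("ver")
        if ver and op in ("==", "===", "~=", ">=", ">") and not is_vulnerable(ver):
            continue   # pinned or lower-bounded at/above the fix
        hits.append((n, line))
    return hits


def commit_included(repo_path: str, commit: str = FIX_COMMIT) -> bool:
    """For a source checkout: True if `commit` is an ancestor of HEAD.
    `git merge-base --is-ancestor` exits 0 for yes, 1 for no, 128 on error."""
    r = subprocess.run(
        ["git", "-C", repo_path, "merge-base", "--is-ancestor", commit, "HEAD"],
        capture_output=True,
    )
    return r.returncode == 0


# Constructed sample, not a real project's requirements file.
SAMPLE_REQUIREMENTS = """\
# constructed sample for this example
torch==2.3.0
transformers4rec==0.1.16        # older than the fix
Transformers4Rec[nvtabular]>=7.0.1   # lower bound at the fix: fine
transformers4rec                # unpinned: resolver may choose any release
"""

if __name__ == "__main__":
    print("installed:", check_installed())
    for n, line in find_vulnerable_pins(SAMPLE_REQUIREMENTS):
        print(f"line {n}: {line}")
```

Run it inside each environment that imports transformers4rec (containers and Triton model images included), since `check_installed()` only sees the interpreter it runs in. An unpinned entry is reported on purpose: a requirements line with no lower bound lets the resolver select any release, so the fix is to pin or lower-bound it at the fixed version once you have confirmed that version against the NVIDIA bulletin.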

Frequently asked questions

What is CVE-2025-23298 — Code Injection in NVIDIA Merlin Transformers4Rec?

CVE-2025-23298 is a code injection vulnerability affecting NVIDIA Merlin Transformers4Rec versions before commit b7eaea5. It allows attackers to potentially execute code and compromise the system.

Am I affected by CVE-2025-23298 in NVIDIA Merlin Transformers4Rec?

You are affected if you are using NVIDIA Merlin Transformers4Rec versions prior to the one including commit b7eaea5. Check your version and upgrade if necessary.

How do I fix CVE-2025-23298 in NVIDIA Merlin Transformers4Rec?

Upgrade to a version of NVIDIA Merlin Transformers4Rec that includes code commit b7eaea5. This resolves the code injection vulnerability.

Is CVE-2025-23298 being actively exploited?

Currently, there are no publicly known active exploits, but the vulnerability is considered high severity and exploitation is possible.

Where can I find the official NVIDIA advisory for CVE-2025-23298?

Refer to the NVIDIA security bulletin for details and updates regarding CVE-2025-23298: [https://www.nvidia.com/en-us/security/cve/CVE-2025-23298](https://www.nvidia.com/en-us/security/cve/CVE-2025-23298)
