PT-2025-33045 · Nvidia · Nvidia Merlin Transformers4Rec

Published: 2025-08-13 · Updated: 2026-01-20 · CVE-2025-23298

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: NVIDIA Merlin Transformers4Rec for all platforms (affected versions not specified)

Description: NVIDIA Merlin Transformers4Rec contains a flaw in a Python dependency that could allow an attacker to cause a code injection issue. Successful exploitation may lead to remote code execution, escalation of privileges, information disclosure, and data tampering. The vulnerability resides in the load model trainer states from checkpoint function, which calls PyTorch's torch.load() without any security parameters. torch.load() relies on Python's pickle module, which is known to be unsafe on untrusted data: pickle serializes and deserializes arbitrary Python objects, including objects whose deserialization executes code. An attacker can therefore craft a checkpoint file that runs arbitrary commands when it is loaded. The vulnerability was addressed in commit b7eaea5, which modified the checkpoint loading process and added validation of the serialized Python objects.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
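The description above says the loader hands a checkpoint to torch.load() with no security parameters, and that the fix added validation of the serialized objects. The Python below is an added example written for this advisory, not code from NVIDIA or the Transformers4Rec project. It shows the two defensive layers a checkpoint loader can put in front of a pickle stream: a static scan with pickletools that lists every module.name the stream would import without building a single object, and a restricted Unpickler whose find_class admits only an allowlist. The allowlist, the sample state dict, and the Fraction object standing in for an unexpected type are constructed for the demonstration. In PyTorch itself the same allowlist idea is what torch.load(path, weights_only=True) applies, using PyTorch's own list of permitted globals.

```python
import io
import pickle
import pickletools
from collections import OrderedDict
from fractions import Fraction

# Constructed allowlist: a plain state dict only needs OrderedDict. A real loader
# would carry the types its checkpoint format legitimately contains and nothing else.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

# String-pushing opcodes whose values can become STACK_GLOBAL operands.
_UNICODE_OPS = ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE")


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """List every (module, name) a pickle stream imports, without executing it.

    Walks the opcode stream with pickletools.genops, so no constructor or
    __reduce__ callable ever runs. GLOBAL (protocols 0-3) carries "module name"
    as its argument; STACK_GLOBAL (protocol 4+) takes module and name from the
    two most recently pushed strings, which may arrive via memo GET opcodes, so
    a minimal memo/stack model of string values is kept.
    """
    found: list[tuple[str, str]] = []
    memo: dict[int, object] = {}
    recent: list[object] = []  # last two values pushed on the stack

    def push(value: object) -> None:
        recent.append(value)
        del recent[:-2]

    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name == "GLOBAL":
            module, attr = arg.split(" ", 1)
            found.append((module, attr))
            push(None)
        elif name == "STACK_GLOBAL":
            if len(recent) < 2 or not all(isinstance(v, str) for v in recent):
                raise pickle.UnpicklingError("malformed STACK_GLOBAL operands")
            found.append((recent[0], recent[1]))
            push(None)
        elif name in _UNICODE_OPS:
            push(arg)
        elif name == "MEMOIZE":
            memo[len(memo)] = recent[-1] if recent else None
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = recent[-1] if recent else None
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            push(memo.get(arg))
        elif name in ("PROTO", "FRAME", "STOP"):
            continue  # no stack effect
        else:
            push(None)  # some non-string value; only strings matter here
    return found


def is_safe_checkpoint(data: bytes) -> bool:
    """True when the stream imports nothing outside ALLOWED_GLOBALS."""
    return all(g in ALLOWED_GLOBALS for g in referenced_globals(data))


class RestrictedUnpickler(pickle.Unpickler):
    """Enforcement layer: refuse any global the allowlist does not name."""

    def find_class(self, module: str, name: str):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"refusing to import {module}.{name}")
        return super().find_class(module, name)


def load_checkpoint_state(data: bytes):
    """Scan first (detection), then unpickle under the allowlist (mitigation)."""
    disallowed = [g for g in referenced_globals(data) if g not in ALLOWED_GLOBALS]
    if disallowed:
        raise pickle.UnpicklingError(f"checkpoint references disallowed globals: {disallowed}")
    return RestrictedUnpickler(io.BytesIO(data)).load()


def build_sample_state() -> OrderedDict:
    """Constructed stand-in for a tiny model state dict."""
    return OrderedDict([("layer.weight", [0.5, -1.25]), ("layer.bias", [0.0])])


def build_unexpected_object() -> Fraction:
    """Constructed stand-in for an object type a checkpoint should never carry."""
    return Fraction(1, 3)


def encode(obj, protocol: int = 4) -> bytes:
    return pickle.dumps(obj, protocol=protocol)


if __name__ == "__main__":
    blob = encode(build_sample_state())
    print("imports:", referenced_globals(blob), "safe:", is_safe_checkpoint(blob))
    print("loaded:", load_checkpoint_state(blob))
    odd = encode(build_unexpected_object())
    print("imports:", referenced_globals(odd), "safe:", is_safe_checkpoint(odd))
    try:
        load_checkpoint_state(odd)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```

The scan is the triage tool: it is cheap, touches no code paths in the checkpoint, and can run in CI or at ingest time over every file. The find_class hook is what actually stops a disallowed import during loading, so a loader should keep both even when the scan passes.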

RCE · Code Injection

Weakness Enumeration: none listed

Related Identifiers: CVE-2025-23298 · ZDI-25-833

Affected Products: Nvidia Merlin Transformers4Rec