Critical Deserialization Vulnerabilities in AI and Analytics Frameworks

ai-platform-security, widely-deployed-product-advisory, open-source-dependency-vulnerability
Updated March 21, 2026 at 03:06 PM (3 sources)

Multiple high-severity deserialization vulnerabilities have been identified in widely used AI and analytics frameworks, including NVIDIA Isaac Lab, MooreThreads torch_musa, and NVIDIA Merlin components. These flaws allow attackers to exploit unsafe deserialization processes, potentially leading to remote code execution or denial-of-service conditions on affected systems. In the case of MooreThreads torch_musa, the vulnerability arises from the use of pickle.load() on user-controlled files without validation, enabling arbitrary code execution with the privileges of the victim process. Similarly, NVIDIA Isaac Lab and Merlin frameworks are affected by deserialization issues that could be exploited remotely, with Merlin's NVTabular and Transformers4Rec components specifically highlighted for their susceptibility to code execution and data tampering attacks.

Security advisories urge immediate patching, as these vulnerabilities are remotely exploitable and pose significant risks to enterprise environments. The affected products span various versions, and organizations using these frameworks are advised to review vendor guidance and apply available security updates to mitigate the threat. The vulnerabilities have been assigned high or critical CVSS scores, underscoring the urgency for remediation to prevent potential exploitation in production environments.
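The torch_musa issue summarized above comes down to calling pickle.load() on a file the user controls. The block below is an added example (not code from torch_musa, NVIDIA or the advisories) showing a static opcode scan and an allowlisting loader built only on the Python standard library; the function names, the allowlist and the sample blobs are constructed for illustration.

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Opcodes that import a global or call/construct an object while unpickling.
RISKY_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                 "NEWOBJ", "NEWOBJ_EX", "BUILD"}

def scan_pickle(data: bytes) -> list:
    """Walk the opcode stream without executing it; return risky opcode names."""
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in RISKY_OPCODES]

class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that resolves only explicitly allowed (module, name) globals."""
    ALLOWED = {("collections", "OrderedDict")}  # assumption: example allowlist

    def find_class(self, module, name):
        if (module, name) not in self.ALLOWED:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)

def safe_loads(data: bytes):
    """Replacement for pickle.loads() when the input is not trusted."""
    return AllowlistUnpickler(io.BytesIO(data)).load()

def triage(data: bytes) -> str:
    """Classify a blob: 'plain-data', 'allowed-objects' or 'rejected'."""
    try:
        safe_loads(data)
    except Exception:  # blocked global or malformed stream: reject either way
        return "rejected"
    return "allowed-objects" if scan_pickle(data) else "plain-data"

# Constructed, benign samples: plain containers, an allowlisted type, and a
# pickle that only references a builtin, which the allowlist refuses to import.
PLAIN = pickle.dumps({"layer0": [0.1, 0.2], "step": 3}, protocol=4)
ALLOWED_OBJ = pickle.dumps(OrderedDict(step=3), protocol=4)
GLOBAL_REF = pickle.dumps(len, protocol=4)

if __name__ == "__main__":
    for label, blob in [("plain", PLAIN), ("ordered", ALLOWED_OBJ),
                        ("global", GLOBAL_REF)]:
        print(label, triage(blob), scan_pickle(blob))
```

The opcode scan is a triage aid only; the `find_class` allowlist is the control that stops an unexpected import during loading.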

Timeline

  1. Dec 16, 2025

    NVIDIA discloses critical Isaac Lab deserialization vulnerability

    NVIDIA's PSIRT disclosed CVE-2025-33210, a critical deserialization vulnerability in NVIDIA Isaac Lab with potential for remote code execution. The issue was confirmed to affect Isaac Lab and prompted guidance to update to the latest version and apply available security patches.

  2. Dec 15, 2025

    Public PoC exploit reported for MooreThreads torch_musa vulnerability

    Proof-of-concept exploit code for CVE-2025-65213 was reported as publicly available on GitHub, increasing the likelihood of exploitation in the wild. The PoC relates to unsafe use of pickle.load() on user-controlled file paths in torch_musa.

  3. Dec 15, 2025

    CVE-2025-65213 published for MooreThreads torch_musa RCE flaw

    A critical deserialization vulnerability, CVE-2025-65213, was published for all versions of MooreThreads torch_musa, affecting functions in the torch_musa.utils.compare_tool module that use unsafe pickle deserialization. The issue can be exploited remotely without privileges or user interaction to achieve arbitrary code execution.

  4. Dec 15, 2025

    NVIDIA patches two high-severity Merlin deserialization flaws

    NVIDIA released security patches for its Merlin framework to fix CVE-2025-33214 and CVE-2025-33213, two high-severity deserialization vulnerabilities affecting the NVTabular Workflow and Transformers4Rec Trainer components on Linux. The flaws could allow arbitrary code execution, denial of service, sensitive information disclosure, and data tampering.

Related Stories

Critical Code Execution Vulnerability in NVIDIA Isaac Lab AI Framework

A critical deserialization vulnerability (CVE-2025-32210) was discovered in NVIDIA Isaac Lab, a component of the NVIDIA Isaac Sim framework, allowing attackers with low privileges and minimal user interaction to execute arbitrary code on affected systems. The flaw, categorized as CWE-502, affects all versions of Isaac Lab prior to v2.3.0 and carries a CVSS score of 9.0, indicating a high risk to confidentiality, integrity, and availability. NVIDIA responded by releasing a security update that implements proper input validation and secure data handling, urging all users to upgrade to Isaac Lab v2.3.0 immediately to mitigate the risk of exploitation. The vulnerability also prompted broader advisories regarding critical security patches for NVIDIA's AI platforms, including both Isaac Lab and the NeMo Framework, due to the risk of full code execution if left unpatched. Organizations using these AI tools are strongly advised to verify their deployments and apply the latest security updates across all environments. The urgency of the patch is underscored by the potential for attackers to achieve complete system compromise through network-based attacks requiring only low-level access and user interaction.

1 month ago
NVIDIA BioNeMo and FLARE SDK Hit by High-Severity Deserialization Flaws

NVIDIA disclosed two high-severity deserialization vulnerabilities affecting **BioNeMo** and the **FLARE SDK**, both tracked under `CWE-502` and capable of compromising confidentiality, integrity, and availability. `CVE-2026-24164` impacts BioNeMo and could allow code execution, denial of service, information disclosure, and data tampering through deserialization of untrusted data. The flaw carries a `CVSS:3.1` vector of `AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H`, indicating remote attack potential with low complexity and high impact. A second flaw, `CVE-2026-24186`, affects the NVIDIA FLARE SDK in **FOBS** handling, where a malicious FOBS-encoded message can trigger unsafe deserialization and lead to code execution. That issue was scored `CVSS:3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`, reflecting similarly severe impact with no user interaction required. NVIDIA advisory material, NVD entries, and official CVE records were published for both vulnerabilities, signaling that organizations using either platform should review vendor guidance and prioritize remediation.

4 days ago
Critical Vulnerabilities in NVIDIA Isaac Launchable Allow Remote Code Execution and Privilege Escalation

NVIDIA has disclosed multiple critical vulnerabilities in its Isaac Launchable product, each carrying a CVSS v3.1 base score of 9.8, indicating a severe risk to affected systems. The vulnerabilities include two privilege escalation flaws (CVE-2025-33223 and CVE-2025-33224) that allow attackers to execute code with unnecessary privileges, potentially leading to code execution, escalation of privileges, denial of service, information disclosure, and data tampering. Additionally, a hard-coded credential vulnerability (CVE-2025-33222) could be exploited to achieve similar impacts, including unauthorized access and manipulation of system data. All vulnerabilities are remotely exploitable and require immediate attention. NVIDIA has released security updates to address these issues and strongly recommends that users download and install the latest version of Isaac Launchable to mitigate the risks. The official security bulletin provides detailed descriptions of each CVE, their associated CWE categories, and the potential impacts. Organizations using NVIDIA Isaac Launchable should prioritize patching to prevent exploitation, as the vulnerabilities could be leveraged by remote attackers without user interaction or prior authentication.

1 month ago
