InfoSecBulletin Cybersecurity for mankind
NVIDIA has issued a dual security alert for developers and data scientists, announcing important updates for its Nsight Graphics and Merlin recommender system. Both vulnerabilities have a high CVSS score of 7.8 and can allow harmful code injection attacks that may compromise entire systems.
The flaws jeopardize the tools needed for creating future visual applications and AI models, threatening development processes.
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CVE-2025-33206 is a vulnerability in Nsight Graphics, a tool for debugging graphics applications, affecting its Linux version. This flaw allows attackers to run malicious commands.
According to the security bulletin, “NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection”.
Exploiting this vulnerability could have serious consequences. The bulletin states that a successful attack might allow code execution, privilege escalation, data tampering, and denial of service. This means an attacker could take control of a developer’s workstation or crash their debugging environment.
The vulnerability affects “All versions prior to NSIGHT Graphics 2025.5” on Linux. Developers are urged to “download and install this software update from the Download NVIDIA NSIGHT Graphics page” to version 2025.5.
The second patch fixes a security flaw in NVIDIA Merlin Transformers4Rec, a library for creating recommendation systems with Transformers. Known as CVE-2025-33233, this vulnerability affects all platforms and is as severe as the graphics issue.
“NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause a code injection issue,” the advisory states.
Like the Nsight flaw, this vulnerability allows for a range of malicious outcomes, including “Code Execution, Data Tampering, Information Disclosure, and Escalation of Privileges”. For AI researchers working with sensitive datasets or proprietary models, the risk of information disclosure and data tampering is particularly acute.
All software versions lacking a specific security commit are affected. To fix this, users should update to any code branch with commit 27ddd49.
