CVE-2025-33255
NVIDIA TRT-LLM MPI Server Unsafe Deserialization Vulnerability
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | trt-llm | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the MPI server component of NVIDIA TRT-LLM on any platform. It involves unsafe deserialization, which means that the system improperly processes untrusted data during deserialization.
An attacker exploiting this vulnerability could cause serious security issues such as executing arbitrary code, causing denial of service, tampering with data, and disclosing sensitive information.
How can this vulnerability impact me? :
This vulnerability can have multiple severe impacts including:
- Code execution by an attacker, potentially allowing full control over the affected system.
- Denial of service, which can disrupt normal operations and availability.
- Data tampering, leading to integrity issues and corrupted or altered data.
- Information disclosure, exposing sensitive or confidential data to unauthorized parties.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in NVIDIA TRT-LLM's MPI server could lead to data tampering and information disclosure, which may impact compliance with standards and regulations that require data integrity and confidentiality, such as GDPR and HIPAA.
However, the provided information does not explicitly describe the direct effects on compliance with these or other common standards and regulations.