CVE-2025-33255

NVIDIA · TRT-LLM

A vulnerability in the NVIDIA TRT-LLM MPI server allows for unsafe deserialization of data.

Executive summary

NVIDIA TRT-LLM is vulnerable to an unsafe deserialization attack within the MPI server component, posing a significant risk of arbitrary code execution.

Vulnerability

This vulnerability affects the MPI server component within NVIDIA TRT-LLM. It involves unsafe deserialization, which typically allows an attacker to manipulate data structures to execute arbitrary code or cause memory corruption.

Business impact

An unsafe deserialization flaw is highly dangerous, as it often provides a direct path to Remote Code Execution (RCE). With a CVSS score of 7.5, this vulnerability carries a high risk of total system compromise, potentially leading to data exfiltration or the complete takeover of the affected host environment.

Remediation

Immediate Action: Identify and apply the latest security updates provided by NVIDIA for the TRT-LLM platform.

Proactive Monitoring: Monitor MPI server traffic for malformed or suspicious deserialization payloads that deviate from expected communication patterns.

Compensating Controls: Restrict access to the MPI server interface to authorized hosts only using firewall rules or network access control lists (ACLs).
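The monitoring recommendation above can be made concrete as follows. This is an added example, not code from NVIDIA or TRT-LLM. It assumes the serialized messages are Python pickle streams, which the advisory does not state, and both the allowlist and the sample payloads are constructed for illustration.

```python
import collections
import pickle
import pickletools

# Hypothetical allowlist of globals the receiver expects; not from the advisory.
ALLOWED_GLOBALS = {("builtins", "dict"), ("builtins", "list")}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
UNRESOLVED = ("<unresolved>", "<unresolved>")


def referenced_globals(payload: bytes) -> list:
    """List (module, name) pairs the stream would import, without loading it."""
    found, window = [], []  # window: last two opcodes, ignoring MEMOIZE
    for opcode, arg, _pos in pickletools.genops(payload):
        name = opcode.name
        if name in ("GLOBAL", "INST"):
            # Protocols 0-3 carry "module name" inline in the opcode argument.
            module, _, attr = arg.partition(" ")
            found.append((module, attr))
        elif name == "STACK_GLOBAL":
            # Protocol 4+: module and name are normally the two preceding
            # string pushes. Anything else is treated as unresolved.
            if len(window) == 2 and all(n in STRING_OPS for n, _ in window):
                found.append((window[0][1], window[1][1]))
            else:
                found.append(UNRESOLVED)
        if name != "MEMOIZE":
            window = (window + [(name, arg)])[-2:]
    return found


def inspect_payload(payload: bytes) -> tuple:
    """Return ("accept" | "reject", reasons) for one captured message body."""
    try:
        seen = referenced_globals(payload)
    except Exception as exc:  # truncated or malformed opcode stream
        return ("reject", [f"malformed stream: {exc}"])
    bad = [f"{m}.{n}" for m, n in seen if (m, n) not in ALLOWED_GLOBALS]
    return ("reject" if bad else "accept", bad)


if __name__ == "__main__":
    # Constructed, benign samples standing in for captured message bodies.
    samples = {
        "plain data": pickle.dumps({"rank": 0, "tokens": [1, 2, 3]}, protocol=4),
        "unexpected class": pickle.dumps(collections.OrderedDict(a=1), protocol=4),
        "truncated": pickle.dumps([1, 2, 3], protocol=4)[:-1],
    }
    for label, body in samples.items():
        print(label, inspect_payload(body))
```

The check walks the opcode stream with `pickletools.genops` and never calls `pickle.loads` on the captured bytes, so it can run on a monitoring host without executing anything the message references.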

Exploitation status

Public Exploit Available: false

Analyst recommendation

Deserialization vulnerabilities are critical security concerns that require prompt patching. Security teams should check their deployed TRT-LLM versions against NVIDIA’s official security advisories and apply the necessary patches immediately to prevent exploitation of the MPI server.