NVIDIA TRT-LLM Vulnerability Exposes AI Workloads to RCE
The National Vulnerability Database has disclosed CVE-2025-33255, a high-severity vulnerability affecting NVIDIA TRT-LLM across all platforms. This flaw resides in the MPI server, where an attacker can trigger unsafe deserialization. Such an exploit carries significant risk, potentially leading to remote code execution, denial of service, data tampering, and information disclosure.
This isn’t a theoretical issue; unsafe deserialization (CWE-502) is a well-trodden path for attackers to gain arbitrary code execution. When an attacker can manipulate serialized data, they can often inject malicious objects or alter application logic, turning a data exchange into a system compromise. For AI/ML environments, this means an attacker could seize control of critical infrastructure, manipulate models, or exfiltrate sensitive training data.
Defenders leveraging NVIDIA TRT-LLM must prioritize addressing this. The high CVSS score of 7.5, coupled with the potential for code execution, demands immediate attention. Organizations need to understand their exposure and implement mitigation strategies without delay.
What This Means For You
- If your organization uses NVIDIA TRT-LLM, you need to understand the implications of CVE-2025-33255 immediately. An attacker can leverage unsafe deserialization for full system compromise. Identify all instances of TRT-LLM in your environment, assess your exposure to the MPI server, and prepare to patch or implement compensating controls as soon as NVIDIA releases a fix.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2025-33255 - Unsafe Deserialization in NVIDIA TRT-LLM MPI Server
title: CVE-2025-33255 - Unsafe Deserialization in NVIDIA TRT-LLM MPI Server
id: scw-2026-05-20-ai-1
status: experimental
level: high
description: |
Detects the execution of the NVIDIA TRT-LLM MPI server process with command line arguments indicative of an unsafe deserialization attempt, which is the core vulnerability in CVE-2025-33255. This could lead to RCE.
author: SCW Feed Engine (AI-generated)
date: 2026-05-20
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2025-33255/
tags:
- attack.persistence
- attack.t1505.003
logsource:
category: process_creation
detection:
selection:
Image|contains:
- 'trt-llm-mpiserver'
CommandLine|contains:
- 'deserialize'
- 'unsafe'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2025-33255 | Deserialization | NVIDIA TRT-LLM MPI server |
| CVE-2025-33255 | RCE | NVIDIA TRT-LLM MPI server unsafe deserialization |
| CVE-2025-33255 | DoS | NVIDIA TRT-LLM MPI server unsafe deserialization |
| CVE-2025-33255 | Information Disclosure | NVIDIA TRT-LLM MPI server unsafe deserialization |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 20, 2026 at 07:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-20240 — Denial of Service
CVE-2026-20240 — In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129,...
Splunk Enterprise, Cloud Vulnerability Exposes Session Cookies, Sensitive Data
CVE-2026-20239 — In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a...
CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged
CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data...