External risk intelligence

NVIDIA TRT-LLM could allow an internal attacker to take control of systems and alter data.

CVE advisory. Severity: CRITICAL (CVSS 9.8)

CVE-2025-33255

A flaw in NVIDIA TRT-LLM allows an internal attacker to gain unauthorized control of systems. This enables them to steal sensitive proprietary information, tamper with data, or crash services, directly threatening your model integrity and computing infrastructure.

Halo Surface Signal: 1

Weakness: Deserialization

Product: Nvidia Tensorrt Llm

Affected versions: before 1.2

External exposure likelihood

Halo Surface Signal score for CVE-2025-33255

The vulnerability affects an MPI server used in local cluster environments for distributed inference. MPI traffic is intended for backend cluster communication and is typically isolated within trusted internal networks, not exposed to the public internet.

Horizon Alert

Summary of the vulnerability and why it matters

NVIDIA TensorRT-LLM contains an unsafe deserialization flaw in its MPI server that could allow code execution, data tampering, or information disclosure. This is a critical issue because it could compromise system integrity and confidentiality.

  • Unauthenticated network access is possible.
  • Could lead to significant data compromise.
  • Affects machine learning deployments.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by sending a specially crafted message to the vulnerable MPI server, triggering an unsafe deserialization process. This could allow them to execute arbitrary code on the server, leading to a compromise of the system, unauthorized data access, or service disruption.

  • Unauthenticated network access
  • Targeting MPI server deserialization
  • Successful data injection required

Live Threat

Current exploitation, exposure, and threat context

This vulnerability in NVIDIA TRT-LLM's MPI server presents a significant risk of code execution, data tampering, and denial of service. While the potential impact is high, the attack vector is primarily confined to internal network environments, limiting direct external exploitation.

  • Primarily targets internal networks.
  • No public exploits observed.
  • Vendor advisory released.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize isolating or taking offline affected NVIDIA TensorRT-LLM services if they are exposed externally, given the critical nature of this unsafe deserialization vulnerability and its potential for code execution and data tampering. If immediate patching is not feasible, focus on network segmentation and robust monitoring to detect any exploitation attempts.

  • Apply patch version 1.2 or later.
  • Isolate MPI server network traffic.
  • Monitor for deserialization attacks.

Frequently asked questions

What is NVIDIA TensorRT-LLM and what is it used for?

NVIDIA TensorRT-LLM is a software component that enhances large language model (LLM) performance for machine learning deployments. It is used to optimize and accelerate the inference of LLMs, making them run faster and more efficiently on NVIDIA hardware.

What type of weakness does CVE-2025-33255 describe?

CVE-2025-33255 describes a weakness classified as CWE-502, unsafe deserialization. This means the software reconstructs objects from data it receives for storage or transmission without adequately validating that data, so attacker-controlled input can cause potentially malicious code to be processed.
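As an added illustration of the CWE-502 pattern above and of the "monitor for deserialization attacks" action in the Operational Fix section (this is example code, not code from NVIDIA or TensorRT-LLM, and the page does not name the wire format), the following assumes a Python pickle message channel and shows a receive-side unpickler that only resolves an explicit allowlist of globals and reports anything else for logging:

```python
import io
import pickle
import collections
import pathlib

# Hypothetical allowlist: only the module-level names a message is expected
# to reference. Any other class or function lookup is refused, which is what
# blocks the "reconstruct an arbitrary callable" behaviour behind CWE-502.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve globals outside ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        # Raising here aborts the load before any constructor or callable runs.
        raise pickle.UnpicklingError(f"forbidden global '{module}.{name}'")


def deserialize_message(data):
    """Return (accepted, payload_or_reason) for one received message.

    The reason string on rejection is what a monitoring hook would log.
    """
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed sample messages: plain containers and an allowlisted class
    # are accepted; a pickle referencing any other class is rejected.
    print(deserialize_message(pickle.dumps({"rank": 0, "tokens": [1, 2, 3]})))
    print(deserialize_message(pickle.dumps(collections.OrderedDict(a=1))))
    print(deserialize_message(pickle.dumps(pathlib.Path("x"))))
```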

What conditions are needed for this vulnerability to be triggered?

An attacker would need to send a specially crafted message to the vulnerable MPI server. This message would trigger an unsafe deserialization process. The vulnerability is not triggered by simply running the software; it requires a specific malicious input.

Who should be concerned about CVE-2025-33255, considering its Halo Surface Signal?

Organizations running NVIDIA TensorRT-LLM, especially those where the MPI server is accessible from internal networks, should be concerned. While not directly internet-facing, internal network access means potential exposure within an organization's infrastructure.

What is the first step for managing this vulnerability?

The recommended first step is to update NVIDIA TensorRT-LLM to version 1.2 or later, as this version is expected to contain a fix for the vulnerability. If immediate patching isn't possible, isolating the MPI server's network traffic is advised.
