CVE-2025-23298: Getting Remote Code Execution in NVIDIA Merlin
ID: 27f15fb3-3fa5-5784-a930-b59dddf17232
STIX ID: report--27f15fb3-3fa5-5784-a930-b59dddf17232
Feed Name: Zero Day Initiative (ZDI) Blog
This report outlines a critical vulnerability in ML model checkpoint deserialization (use of Python pickle) that can enable supply-chain and arbitrary code execution attacks. It offers targeted recommendations for developers (avoid pickle, use weights_only=True, prefer safetensors/ONNX, restrict trusted classes), organizations (audit provenance, sign models, sandbox loading), and the ML community (deprecate pickle, update torch, develop secure serialization standards).
