- Description
- NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering.
- Source
- psirt@nvidia.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 6
- Exploitability score
- 2
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- HIGH
- psirt@nvidia.com
- CWE-502
- Hype score
- Not currently trending
NVIDIAのTensorRT-LLMに遠隔コード実行の脆弱性。CVE-2025-23254はCVSSスコア8.8で、Pythonのpickleモジュールを使用しての不適切なIPCの取扱い。修正版提供あり。 https://t.co/K3AKGnTyO9
@__kokumoto
3 May 2025
547 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-23254 NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM ser… https://t.co/EYsJPXjT4c
@CVEnew
1 May 2025
252 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-23254: HIGH] Critical vulnerability in NVIDIA TensorRT-LLM Python executor allows local attackers to manipulate data, potentially leading to code execution, information disclosure, and data tamperi...#cve,CVE-2025-23254,#cybersecurity https://t.co/208A392tVn https://t.c
@CveFindCom
1 May 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes