CVE-2025-23310
Published Aug 6, 2025
Last updated 9 days ago
AI description
CVE-2025-23310 is a vulnerability in NVIDIA's Triton Inference Server for Windows and Linux. It involves a stack buffer overflow that can be triggered by specially crafted inputs. An attacker could exploit this vulnerability to achieve remote code execution (RCE), denial of service (DoS), information disclosure, and data tampering. This vulnerability is one of several identified in the NVIDIA Triton Inference Server. Exploiting CVE-2025-23310 does not require user interaction or authentication. Update 25.07 addresses this and other vulnerabilities.
- Description
- NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.
- Source
- psirt@nvidia.com
- NVD status
- Analyzed
- Products
- triton_inference_server
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@nvidia.com
- CWE-121
- Hype score
- Not currently trending
🚨Alert🚨 : CVE-2025-23319&CVE-2025-23320&CVE-2025-23334: NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers CVE-2025-23310&CVE-2025-23311&CVE-2025-23317: Critical Triton Flaws Expose AI Servers to Remote Takeover 📊3.6K+ Ser
@HunterMapping
6 Aug 2025
2631 Impressions
14 Retweets
45 Likes
11 Bookmarks
1 Reply
0 Quotes
Today, we’re disclosing two 9.8 CVSS memory corruption vulnerabilities in the @NVIDIA Triton Inference Server that lets attackers crash production AI services through malicious HTTP requests (CVE-2025-23310 and CVE-2025-23311) 🧵
@trailofbits
5 Aug 2025
9739 Impressions
20 Retweets
77 Likes
17 Bookmarks
1 Reply
3 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2168003B-4C9F-4733-89F5-EA17B1228F95",
"versionEndExcluding": "25.07"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]