CVE-2025-23310

Published Aug 6, 2025

Last updated 7 months ago

CVSS critical 9.8
NVIDIA Triton Inference Server

Overview

Description
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.
Source
psirt@nvidia.com
NVD status
Analyzed
Products
triton_inference_server

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

psirt@nvidia.com
CWE-121

Social media

Hype score
Not currently trending

  1. 🚨Alert🚨 : CVE-2025-23319&CVE-2025-23320&CVE-2025-23334: NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers CVE-2025-23310&CVE-2025-23311&CVE-2025-23317: Critical Triton Flaws Expose AI Servers to Remote Takeover 📊3.6K+ Ser

    @HunterMapping

    6 Aug 2025

    2631 Impressions

    14 Retweets

    45 Likes

    11 Bookmarks

    1 Reply

    0 Quotes

  2. Today, we’re disclosing two 9.8 CVSS memory corruption vulnerabilities in the @NVIDIA Triton Inference Server that lets attackers crash production AI services through malicious HTTP requests (CVE-2025-23310 and CVE-2025-23311) 🧵

    @trailofbits

    5 Aug 2025

    9739 Impressions

    20 Retweets

    77 Likes

    17 Bookmarks

    1 Reply

    3 Quotes

Configurations

Related CVEs

  1. NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified quantity in input. A successful exploit of this vulnerability may lead to denial of service.CVE-2025-33211
  2. NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exceptional conditions issue by sending extra large payloads. A successful exploit of this vulnerability may lead to denial of service.CVE-2025-33201
  3. NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack overflow by sending extra-large payloads. A successful exploit of this vulnerability might lead to denial of service.CVE-2025-33202
  4. NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execution by manipulating the model name parameter in the model control APIs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.CVE-2025-23316
  5. NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.CVE-2025-23328

References

Sources include official advisories and independent security research.