CVE-2025-23311
Published Aug 6, 2025
Last updated 9 days ago
AI description
CVE-2025-23311 is a vulnerability in the NVIDIA Triton Inference Server that could allow an attacker to cause a stack overflow via crafted HTTP requests. Successful exploitation of this vulnerability may lead to remote code execution, denial of service, information disclosure, or data tampering. Specifically, the vulnerability is a stack overflow that can be triggered through specially crafted HTTP requests. NVIDIA has released a fix for this vulnerability in version 25.07.
- Description
- NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering.
- Source
- psirt@nvidia.com
- NVD status
- Analyzed
- Products
- triton_inference_server
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@nvidia.com
- CWE-121
- Hype score
- Not currently trending
🚨 Alert: CVE-2025-23311 in NVIDIA Triton Inference Server is at high risk! 📈 A vulnerability could allow attackers to perform remote code execution, denial of service, or data tampering via stack overflow attacks. 🛡️ Update & safeguard your systems now! 🔒 #Cyber
@SecAideInfo
9 Aug 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: NVIDIA Triton Inference Server vulnerable to stack-based buffer overflow (CVE-2025-23311). Remote code execution possible—patch to 25.07+ now! 🔒 https://t.co/MmykgNlApu #OffSeq #CVE202523311 #AIsec... https://t.co/Covg79XjNw
@offseq
7 Aug 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 : CVE-2025-23319&CVE-2025-23320&CVE-2025-23334: NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers CVE-2025-23310&CVE-2025-23311&CVE-2025-23317: Critical Triton Flaws Expose AI Servers to Remote Takeover 📊3.6K+ Ser
@HunterMapping
6 Aug 2025
2631 Impressions
14 Retweets
45 Likes
11 Bookmarks
1 Reply
0 Quotes
Today, we’re disclosing two 9.8 CVSS memory corruption vulnerabilities in the @NVIDIA Triton Inference Server that lets attackers crash production AI services through malicious HTTP requests (CVE-2025-23310 and CVE-2025-23311) 🧵
@trailofbits
5 Aug 2025
9739 Impressions
20 Retweets
77 Likes
17 Bookmarks
1 Reply
3 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2168003B-4C9F-4733-89F5-EA17B1228F95",
"versionEndExcluding": "25.07"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]