CVE-2025-23334
Published Aug 6, 2025
Last updated 8 days ago
AI description
CVE-2025-23334 is a vulnerability found in the Python backend of NVIDIA Triton Inference Server for Windows and Linux. The vulnerability allows an attacker to cause an out-of-bounds read by sending a request. A successful exploit of CVE-2025-23334 might lead to information disclosure. This vulnerability is addressed in version 25.07.
- Description
- NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of this vulnerability might lead to information disclosure.
- Source
- psirt@nvidia.com
- NVD status
- Analyzed
- Products
- triton_inference_server
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- psirt@nvidia.com
- CWE-125
- Hype score
- Not currently trending
Actively exploited CVE : CVE-2025-23334
@transilienceai
10 Aug 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨CVE-2025-23319, CVE-2025-23320, CVE-2025-23334: A Vulnerability Chain Leading to AI Server Takeover • ZoomEye Dork: app="NVIDIA Triton Inference Server" • Results: 1,287 • ZoomEye Link: https://t.co/OoxbcI49Tf • Info: https://t.co/0pHa8j3nQQ • CVSS: 8.1, 7.5, 5.9
@DarkWebInformer
8 Aug 2025
4314 Impressions
11 Retweets
51 Likes
14 Bookmarks
2 Replies
0 Quotes
🚨Alert🚨 : CVE-2025-23319&CVE-2025-23320&CVE-2025-23334: NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers CVE-2025-23310&CVE-2025-23311&CVE-2025-23317: Critical Triton Flaws Expose AI Servers to Remote Takeover 📊3.6K+ Ser
@HunterMapping
6 Aug 2025
2631 Impressions
14 Retweets
45 Likes
11 Bookmarks
1 Reply
0 Quotes
Chaining NVIDIA’s Triton Server flaws exposes AI systems to remote takeover Wiz Research discovered critical vulnerabilities in NVIDIA’s Triton Inference Server (CVE-2025-23319, CVE-2025-23320, CVE-2025-23334) that could let remote, unauthenticated attackers gain full contro
@dCypherIO
5 Aug 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NVIDIA Triton Inference Server’da Kritik Güvenlik Açıkları: CVE-2025-23319, CVE-2025-23320, CVE-2025-23334 https://t.co/DDRax1c2Qb
@umidcybers
5 Aug 2025
71 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨🚨NVIDIA Triton Inference Server vuln chain alert! CVE-2025-23319, CVE-2025-23320, CVE-2025-23334: Info leak in Python backend leads to full RCE. Steal models, manipulate inferences, expose data, or pivot deeper. @nvidia ZoomEye Dork👉app="NVIDIA Triton Inference Serv
@zoomeye_team
5 Aug 2025
2091 Impressions
9 Retweets
38 Likes
14 Bookmarks
1 Reply
0 Quotes
NvidiaがTriton Inference Serverにおける重大(Critical)な遠隔コード実行の脆弱性チェーンを修正。CVE-2025-23319, CVE-2025-23320, CVE-2025-23334で、その他脆弱性も修正されている。 https://t.co/1DPR2FtD19
@__kokumoto
4 Aug 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2168003B-4C9F-4733-89F5-EA17B1228F95",
"versionEndExcluding": "25.07"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]