CVE-2025-23339

Published Sep 24, 2025

Last updated 6 months ago

CVSS low 3.3
NVIDIA CUDA Toolkit

Overview

Description
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running cuobjdump.
Source
psirt@nvidia.com
NVD status
Analyzed
Products
cuda_toolkit

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

psirt@nvidia.com
CWE-121

Social media

Hype score
Not currently trending

  1. CVE-2025-23339 My first NVIDIA CVE🎉 (found via grammar-based fuzzing) https://t.co/RTDfngmPTl

    @gap_dev

    16 Dec 2025

    8846 Impressions

    13 Retweets

    231 Likes

    60 Bookmarks

    6 Replies

    0 Quotes

Configurations

Related CVEs

  1. NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service and information disclosure.CVE-2025-33231
  2. NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure.CVE-2025-33230
  3. NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure.CVE-2025-33229
  4. NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.CVE-2025-33228
  5. NVIDIA CUDA Toolkit contains a vulnerability in cuobjdump, where an unprivileged user can cause a NULL pointer dereference. A successful exploit of this vulnerability may lead to a limited denial of service.CVE-2025-23346

References

Sources include official advisories and independent security research.