CVE-2025-23317
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-06
Last updated on: 2025-08-12
Assigner: NVIDIA Corporation
Description
Description
NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | triton_inference_server | to 25.07 (exc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| microsoft | windows | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the HTTP server component of the NVIDIA Triton Inference Server. An attacker can exploit it by sending a specially crafted HTTP request that allows them to start a reverse shell on the server. This means the attacker can remotely execute commands on the affected system.
How can this vulnerability impact me? :
Exploiting this vulnerability can lead to remote code execution, denial of service, data tampering, or information disclosure on the affected system, potentially compromising system integrity, availability, and confidentiality.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70