CVE-2025-23319
BaseFortify
Publication date: 2025-08-06
Last updated on: 2025-08-12
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | triton_inference_server | to 25.07 (exc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-805 | The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Python backend of the NVIDIA Triton Inference Server for Windows and Linux. An attacker can exploit it by sending a specially crafted request that causes an out-of-bounds write, potentially leading to remote code execution, denial of service, data tampering, or information disclosure.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker to execute code remotely on the affected system, cause the system to crash or become unavailable (denial of service), alter data improperly (data tampering), or access sensitive information (information disclosure).