CVE-2025-23344
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-18
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | nvdebug | to 1.7.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the NVIDIA NVDebug tool and allows an attacker to execute code on the platform host as a non-privileged user. It is an OS Command Injection vulnerability (CWE-78), meaning that special elements used in operating system commands are not properly neutralized, enabling malicious commands to be run. Exploiting this flaw can lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to run arbitrary code on your system with non-privileged user rights, potentially causing denial of service, escalating their privileges, disclosing sensitive information, and tampering with data. This can compromise the confidentiality, integrity, and availability of your system and data. [1]