Access Control Vulnerability in NVIDIA Riva
CVE-2025-23243

6.5MEDIUM

Key Information:

Vendor
Nvidia
Status
Vendor
CVE Published:
11 March 2025

Badges

📈 Score: 471📰 News Worthy

What is CVE-2025-23243?

CVE-2025-23243 is an access control vulnerability identified in NVIDIA Riva, a software platform designed to accelerate and deploy AI-powered applications. This vulnerability exposes users to improper access control issues, which can have detrimental consequences for organizations relying on NVIDIA Riva for their operations. If exploited, the vulnerability could lead to unauthorized data manipulation and service interruptions, potentially compromising the integrity and availability of critical applications.

Technical Details

The vulnerability arises from an incorrect implementation of access controls within NVIDIA Riva. It is classified as an access control vulnerability, which typically involves the mishandling of authentication or authorization processes, allowing unauthorized users to gain access to restricted functions or data. Detailed technical assessments are essential to understand the specific conditions under which this vulnerability can be exploited and the corresponding security measures that can be employed to mitigate its risks.

Potential impact of CVE-2025-23243

  1. Data Tampering: A successful exploitation of this vulnerability could allow attackers to alter or manipulate sensitive data, resulting in inaccuracies and potential loss of trust in data integrity.

  2. Denial of Service: By abusing this vulnerability, unauthorized users could disrupt services provided by NVIDIA Riva, leading to downtime and decreased operational efficiency.

  3. Compromise of Application Integrity: Organizations may face risks of compromise in their AI-powered applications, which could lead to broader security implications and detrimental effects on their overall business operations.

Affected Version(s)

Riva Linux All versions up to and including 2.18.0

News Articles

NVIDIA Support

Details This section provides a summary of potential vulnerabilities that this security update addresses and their impact. Descriptions use CWE™, and base scores and vectors use CVSS v3.1...

3 weeks ago

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📰

    First article discovered by Oracle

  • Vulnerability published

  • Vulnerability Reserved

.