Data Validation Issues in NVIDIA TensorRT-LLM Server
CVE-2025-23254

8.8HIGH

Key Information:

Vendor: Nvidia
Status: Tensorrt-llm
Vendor: CVE Published:; 1 May 2025

What is CVE-2025-23254?

NVIDIA TensorRT-LLM for any platform has a security vulnerability in the Python executor component that allows local attackers to manipulate data validation processes. Exploitation of this flaw may enable unauthorized code execution, potentially leading to information disclosure and data modification, thereby jeopardizing the integrity and confidentiality of the system.

Affected Version(s)

TensorRT-LLM Windows All versions prior to 0.18.2

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5648

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2025
Vulnerability Reserved
Jan 14, 2025

Nvidia

What is CVE-2025-23254?

Affected Version(s)

References

CVSS V3.1

Timeline