Data Validation Issues in NVIDIA TensorRT-LLM Server
CVE-2025-23254

8.8HIGH

Key Information:

Vendor: Nvidia
Status: Tensorrt-llm
Vendor: CVE Published:; 1 May 2025

Badges

📰 News Worthy

What is CVE-2025-23254?

NVIDIA TensorRT-LLM for any platform has a security vulnerability in the Python executor component that allows local attackers to manipulate data validation processes. Exploitation of this flaw may enable unauthorized code execution, potentially leading to information disclosure and data modification, thereby jeopardizing the integrity and confidentiality of the system.

Affected Version(s)

TensorRT-LLM Windows All versions prior to 0.18.2

News Articles

GBHackers News

CVE-2025-23254

NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code

NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in its popular TensorRT-LLM framework.

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5648

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by GBHackers News
May 2, 2025
Vulnerability published
May 1, 2025
Vulnerability Reserved
Jan 14, 2025

Nvidia

Badges

What is CVE-2025-23254?

Affected Version(s)

News Articles

NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code

References

CVSS V3.1

Timeline