Information Disclosure Vulnerability in NVIDIA vGPU Software
CVE-2025-23290

2.5LOW

Key Information:

Vendor

Nvidia
Status
Gpu Display Drivers
Vendor
CVE Published:
2 August 2025

What is CVE-2025-23290?

NVIDIA vGPU software contains a vulnerability within its Virtual GPU Manager. This vulnerability allows a guest virtual machine to access global GPU metrics that can be influenced by processes running in other VMs. If successfully exploited, this vulnerability may lead to the unintended disclosure of sensitive information across virtual environments, compromising the confidentiality of hosted workloads.

Affected Version(s)

GPU Display Drivers R535, R570

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5670

CVSS V3.1

Score:
2.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-23290 : Information Disclosure Vulnerability in NVIDIA vGPU Software