SQL Injection Vulnerability in NVIDIA Delegated Licensing Service Across Appliance Platforms
CVE-2025-23292

4.6MEDIUM

Key Information:

Vendor: Nvidia
Status: Dls Component Of Nvidia License System
Vendor: CVE Published:; 30 September 2025

What is CVE-2025-23292?

The NVIDIA Delegated Licensing Service has been identified with a SQL injection vulnerability that allows an attacker to perform unauthorized actions within the system. If exploited, this vulnerability could lead to disruptions in service availability, specifically affecting the user interface components. Organizations using this service should promptly assess their security protocols to mitigate potential risks associated with this vulnerability.

Affected Version(s)

DLS component of NVIDIA License System All All versions prior to v3.5.1 and v3.1.7

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23292

https://www.cve.org/CVERecord?id=CVE-2025-23292

https://nvidia.custhelp.com/app/answers/detail/a_id/5705

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 30, 2025
Vulnerability Reserved
Jan 14, 2025

JSON

Nvidia

What is CVE-2025-23292?

Affected Version(s)

References

CVSS V3.1

Timeline