Local File Modification Vulnerability in NVIDIA Installer for Windows
CVE-2025-23297

7.8HIGH

Key Information:

Vendor

Nvidia

Vendor
CVE Published:
1 October 2025

What is CVE-2025-23297?

The NVIDIA Installer for the FrameviewSDK on Windows contains a vulnerability that allows an attacker with local unprivileged access to modify files within the Frameview SDK directory. This could potentially lead to unauthorized changes and escalate privileges, posing a significant risk to system integrity. Users are urged to implement security measures to safeguard against potential exploits targeting this vulnerability.

Affected Version(s)

NVIDIA App Windows 10/11 All versions prior to 11.0.5.245

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-23297 : Local File Modification Vulnerability in NVIDIA Installer for Windows