Out-of-Bounds Write Vulnerability in NVIDIA Triton Inference Server
CVE-2025-23319
Key Information:
- Vendor: NVIDIA
- CVE Published: 6 August 2025
What is CVE-2025-23319?
CVE-2025-23319 is an out-of-bounds write vulnerability in the NVIDIA Triton Inference Server, which is designed to streamline the deployment of machine learning models for inference by serving models from various frameworks in a unified way. The vulnerability lies specifically in the Python backend of the server, where an attacker could exploit it by sending specially crafted requests. If successfully exploited, the out-of-bounds write can lead to remote code execution (unauthorized execution of arbitrary code on the affected server), data tampering, and potential information disclosure. This poses a serious threat to organizations that rely on AI inference services, as it could compromise sensitive data and disrupt operations.
Potential impact of CVE-2025-23319
- Remote Code Execution: The most significant risk associated with CVE-2025-23319 is the potential for remote code execution. An attacker can exploit this vulnerability to run arbitrary code on the Triton Inference Server, which could be leveraged to gain complete control over the server and the applications running on it.
- Denial of Service: Exploiting this vulnerability could also result in a denial of service, disrupting the availability of the Triton Inference Server. This can hinder an organization’s access to critical AI-powered services, causing operational delays and financial losses.
- Data Tampering and Information Disclosure: The exploit could facilitate unauthorized data manipulation or extraction, leading to data integrity breaches and exposure of sensitive information. This not only threatens the confidentiality of the information processed by the server but could also lead to regulatory and compliance issues for organizations handling sensitive data.
Affected Version(s)
- Triton Inference Server (Windows): all versions prior to 25.07
News Articles
- Chaining NVIDIA's Triton Server flaws exposes AI systems to remote takeover
  New flaws in NVIDIA's Triton Server let remote attackers take over systems via RCE, posing major risks to AI infrastructure.
- NVIDIA Triton Vulnerability Chain Let Attackers Take Over AI Server Control
  A critical vulnerability chain in NVIDIA's Triton Inference Server that allows unauthenticated attackers to achieve complete remote code execution (RCE) and gain full control over AI servers.
- Nvidia Patches Critical RCE Vulnerability Chain
  The flaws in the company's Triton Inference Server enable model theft, data leaks, and response manipulation.
Timeline
- Vulnerability published
- Exploit known to exist
- First article discovered by SecurityWeek
- Vulnerability Reserved