Vulnerability in NVIDIA vGPU Software Affecting Virtual GPU Manager
CVE-2025-23352

7.8HIGH

Key Information:

Vendor

Nvidia
Status
Virtual Gpu Manager
Vendor
CVE Published:
23 October 2025

What is CVE-2025-23352?

NVIDIA vGPU software contains a vulnerability within the Virtual GPU Manager that allows a malicious guest to exploit uninitialized pointer access. If successfully exploited, this flaw could enable an attacker to execute arbitrary code, cause denial of service, elevate privileges, disclose sensitive information, or tamper with data. It highlights critical security risks inherent in virtualization technologies that require prompt attention from system administrators and security professionals.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Virtual GPU Manager Red Hat Enterprise Linux KVM 580.82.02(All versions up to and including the August 2025 release)

Virtual GPU Manager XenServer 580.82.02(All versions prior to and including vGPU 19.1)

Virtual GPU Manager XenServer 570.172.07(All versions prior to and including vGPU 18.4)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23352
https://www.cve.org/CVERecord?id=CVE-2025-23352
https://nvidia.custhelp.com/app/answers/detail/a_id/5703

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.