Vulnerability in NVIDIA vGPU Software Affecting Virtual GPU Manager
CVE-2025-23352

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Virtual Gpu Manager
Vendor: CVE Published:; 23 October 2025

What is CVE-2025-23352?

NVIDIA vGPU software contains a vulnerability within the Virtual GPU Manager that allows a malicious guest to exploit uninitialized pointer access. If successfully exploited, this flaw could enable an attacker to execute arbitrary code, cause denial of service, elevate privileges, disclose sensitive information, or tamper with data. It highlights critical security risks inherent in virtualization technologies that require prompt attention from system administrators and security professionals.

Affected Version(s)

Virtual GPU Manager Red Hat Enterprise Linux KVM 580.82.02(All versions up to and including the August 2025 release)

Virtual GPU Manager XenServer 580.82.02(All versions prior to and including vGPU 19.1)

Virtual GPU Manager XenServer 570.172.07(All versions prior to and including vGPU 18.4)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23352

https://www.cve.org/CVERecord?id=CVE-2025-23352

https://nvidia.custhelp.com/app/answers/detail/a_id/5703

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2025
Vulnerability Reserved
Jan 14, 2025

JSON

Nvidia

What is CVE-2025-23352?

Affected Version(s)

References

CVSS V3.1

Timeline