SB2025082221 - Multiple vulnerabilities in NVIDIA Triton Inference Server

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025082221

SB2025082221 - Multiple vulnerabilities in NVIDIA Triton Inference Server

Published: August 22, 2025

Security Bulletin ID SB2025082221
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 83% Low 17%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 vulnerabilities.


1) Integer overflow (CVE-ID: CVE-2025-23323)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.


2) Integer underflow (CVE-ID: CVE-2025-23335)

CWE-ID: CWE-191 - Integer underflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to integer underflow. A remote administrator can trigger integer underflow and cause a denial of service condition on the target system.


3) Integer overflow (CVE-ID: CVE-2025-23327)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow. A remote user can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


4) Integer overflow (CVE-ID: CVE-2025-23326)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.


5) Uncontrolled Recursion (CVE-ID: CVE-2025-23325)

CWE-ID: CWE-674 - Uncontrolled Recursion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion through a specially crafted input. A remote attacker can cause a denial of service condition on the target system.


6) Integer overflow (CVE-ID: CVE-2025-23324)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.


Remediation

Install update from vendor's website.

References