CVE-2025-23322

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. A successful exploit of this vulnerability might lead to denial of service.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://nvd.nist.gov/vuln/detail/CVE-2025-23322	US Government Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5687	Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2025-23322	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

No history.

Information

Published : 2025-08-06 13:15

Updated : 2025-08-12 16:35

NVD link : CVE-2025-23322

Mitre link : CVE-2025-23322

CVE.ORG link : CVE-2025-23322

JSON object : View

Products Affected

microsoft

windows

nvidia

triton_inference_server

linux

linux_kernel

CWE

CWE-415

Double Free

{"id": "CVE-2025-23322", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-08-06T13:15:39.930", "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23322", "tags": ["US Government Resource"], "source": "[email protected]"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5687", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-23322", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-415"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. A successful exploit of this vulnerability might lead to denial of service."}, {"lang": "es", "value": "NVIDIA Triton Inference Server para Windows y Linux contiene una vulnerabilidad que permite que varias solicitudes provoquen una doble liberaci\u00f3n si una transmisi\u00f3n se cancela antes de ser procesada. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar una denegaci\u00f3n de servicio."}], "lastModified": "2025-08-12T16:35:11.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B950A423-817C-4163-87ED-C43AB02DF5BC", "versionEndExcluding": "25.06"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}