CVE-2025-23331

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://nvd.nist.gov/vuln/detail/CVE-2025-23331	Third Party Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5687	Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2025-23331	US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

No history.

Information

Published : 2025-08-06 13:15

Updated : 2025-08-12 16:36

NVD link : CVE-2025-23331

Mitre link : CVE-2025-23331

CVE.ORG link : CVE-2025-23331

JSON object : View

Products Affected

microsoft

windows

nvidia

triton_inference_server

linux

linux_kernel

CWE

CWE-789

Memory Allocation with Excessive Size Value

{"id": "CVE-2025-23331", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-08-06T13:15:40.870", "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23331", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5687", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-23331", "tags": ["US Government Resource"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-789"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service."}, {"lang": "es", "value": "NVIDIA Triton Inference Server para Windows y Linux contiene una vulnerabilidad que permite a un usuario asignar memoria con un tama\u00f1o excesivo, lo que provoca un fallo de segmentaci\u00f3n, al proporcionar una solicitud no v\u00e1lida. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar una denegaci\u00f3n de servicio."}], "lastModified": "2025-08-12T16:36:10.777", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B950A423-817C-4163-87ED-C43AB02DF5BC", "versionEndExcluding": "25.06"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}