NVIDIA Product Security Update Advisory
Overview
We have released a security update to fix vulnerabilities in NVIDIA products. Users of affected products are advised to update to the latest version.
Affected Products
Cve-2025-23323, cve-2025-23324, cve-2025-23325, cve-2025-23326, cve-2025-23327
Triton Inference Server (Windows, Linux) Versions: less than 25.05
Cve-2025-23322, cve-2025-23331
Triton Inference Server (Windows, Linux) Versions: less than 25.06
Cve-2025-23310, cve-2025-23311, cve-2025-23317, cve-2025-23318, cve-2025-23319, cve-2025-23320, cve-2025-23321
Triton Inference Server (Windows, Linux) Versions: less than 25.07
Resolved Vulnerabilities
Stack buffer overflow vulnerability due to specially crafted input in Triton Inference Server (CVE-2025-23310)
Stack overflow vulnerability due to a specially crafted HTTP request in Triton Inference Server (CVE-2025-23311)
Remote code execution vulnerability due to reverse shell execution via a specially crafted HTTP request in Triton Inference Server (CVE-2025-23317)
Code execution vulnerability due to out-of-bounds writes in the Python backend of Triton Inference Server (CVE-2025-23318)
Code execution vulnerability due to an out-of-bounds write during request processing in the Python backend of Triton Inference Server (CVE-2025-23319)
Information leakage vulnerability in the Python backend of Triton Inference Server due to a shared memory limit exceeded when processing very large requests (CVE-2025-23320)
Denial of service vulnerability due to a divide-by-zero error in Triton Inference Server when handling incorrect requests (CVE-2025-23321)
Denial of Service Vulnerability due to double memory release in Triton Inference Server (CVE-2025-23322)
Denial of Service Vulnerability due to an integer overflow or wraparound in Triton Inference Server (CVE-2025-23323)
Denial of Service Vulnerability due to an integer overflow or wraparound in Triton Inference Server (CVE-2025-23324)
Denial of Service Vulnerability in Triton Inference Server due to specially crafted input (CVE-2025-23325)
Denial of Service Vulnerability in Triton Inference Server due to specially crafted input (CVE-2025-23326)
Denial of Service and Data Tampering Vulnerability in Triton Inference Server due to specially crafted input (CVE-2025-23327)
Denial of Service Vulnerability in Triton Inference Server due to an over-sized memory allocation when handling incorrect requests (CVE-2025-23331)
Vulnerability Patches
Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
Cve-2025-23323, cve-2025-23324, cve-2025-23325, cve-2025-23326, cve-2025-23327
Triton Inference Server (Windows, Linux) version: 25.05
Cve-2025-23322, cve-2025-23331
Triton Inference Server (Windows, Linux) Version: 25.06
Cve-2025-23310, cve-2025-23311, cve-2025-23317, cve-2025-23318, cve-2025-23319, cve-2025-23320, cve-2025-23321
Triton Inference Server (Windows, Linux) Version: 25.07
References
[1] Security Bulletin: NVIDIA Triton Inference Server – August 2025
https://nvidia.custhelp.com/app/answers/detail/a_id/5687