Security flaws in key Nvidia enterprise tool could have let hackers run malware on Windows and Linux systems

News
By published

Three bugs can be chained together to devastating effects

Security alert showing on a computer monitor
(Image credit: pixabay | Elchinator)
  • Security researchers found three flaws in Nvidia Triton Inference Server
  • When used together, they can grant remote code execution capabilities
  • A patch has been released, so users should update immediately

Nvidia Triton Inference Server carried three vulnerabilities which, when combined, could lead to remote code execution (RCE) and other risks, security experts from Wiz have warned

Triton is a free open source tool working on both Windows and Linux which helps companies run AI models efficiently on servers, whether in the cloud, on-site, or at the edge.

It supports many popular AI frameworks and speeds up tasks by handling multiple models at once and grouping similar requests together.

Patching the flaw

Wiz found three flaws in the Python backend:

CVE-2025-23319 (out-of-bounds write bug with an 8.1/10 severity score), CVE-2025-23320 (shared memory limit exceeding vulnerability with a 7.5/10 severity score), and CVE-2025-23334 (an out-of-bounds vulnerability with a 5.9/10 score).

"When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote code execution (RCE)," Wiz said in its security advisory.

The risk is real, too, they added, stressing that companies stand to lose sensitive data:

"This poses a critical risk to organizations using Triton for AI/ML, as a successful attack could lead to the theft of valuable AI models, exposure of sensitive data, manipulating the AI model's responses, and a foothold for attackers to move deeper into a network," the researchers added.

Nvidia said it addressed the issues in version 25.07, and users are “strongly recommended” to update to the latest version as soon as possible.

At press time, there were no reports of anyone abusing these flaws in the wild, however many cybercriminals will wait until a vulnerability is disclosed to target organizations that aren’t that diligent when patching and keep their endpoints vulnerable for longer periods of time.

Via The Hacker News

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.