Cyber Posture

CVE-2025-23268

High

Published: 17 September 2025

Published
17 September 2025
Modified
08 October 2025
KEV Added
Patch
CVSS Score 8.0 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0017 38.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23268 is a high-severity Improper Input Validation (CWE-20) vulnerability in Nvidia Triton Inference Server. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 38.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly enforces validation of inputs to the DALI backend, comprehensively addressing the improper input validation (CWE-20) that enables code execution.

SI-2 Flaw Remediation good match
prevent

Mandates timely identification, reporting, and correction of the specific flaw in NVIDIA Triton Inference Server, such as applying patches from the NVIDIA security bulletin.

AC-6 Least Privilege partial match
prevent

Enforces least privilege to limit high-privilege (PR:H) access to the vulnerable Triton Inference Server, reducing the pool of potential attackers able to exploit over the network.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

RCE via improper input validation in network-accessible Triton Inference Server directly enables T1190 (Exploit Public-Facing Application).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper input validation issue. A successful exploit of this vulnerability may lead to code execution.

Deeper analysisAI

CVE-2025-23268 affects the NVIDIA Triton Inference Server, specifically a vulnerability in the DALI backend stemming from improper input validation (CWE-20). Published on 2025-09-17, this issue allows an attacker to potentially achieve code execution upon successful exploitation. The vulnerability carries a CVSS v3.1 base score of 8.0 (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H), indicating high severity with network accessibility but requiring high privileges and complexity.

An attacker must have high privileges (PR:H) on the target system and leverage network access (AV:N) with a high-complexity attack (AC:H), requiring no user interaction (UI:N). Successful exploitation results in scoped impact (S:C) with high effects on confidentiality, integrity, and availability (C:H/I:H/A:H), enabling arbitrary code execution on the server.

Mitigation details are provided in the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5691.

Details

CWE(s)
CWE-20

Affected Products

nvidia
triton inference server
≤ 25.07

CVEs Like This One

CVE-2025-33254Same product: Nvidia Triton Inference Server
CVE-2025-33238Same product: Nvidia Triton Inference Server
CVE-2026-24146Same product: Nvidia Triton Inference Server
CVE-2026-24174Same product: Nvidia Triton Inference Server
CVE-2026-24158Same product: Nvidia Triton Inference Server
CVE-2026-24173Same product: Nvidia Triton Inference Server
CVE-2026-24175Same product: Nvidia Triton Inference Server
CVE-2026-24164Same vendor: Nvidia
CVE-2025-23318Same product: Nvidia Triton Inference Server
CVE-2025-23310Same product: Nvidia Triton Inference Server

References