Cyber Posture

CVE-2025-23310

Critical

Published: 06 August 2025

Published
06 August 2025
Modified
12 August 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0084 74.9th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23310 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Nvidia Triton Inference Server. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 25.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Requires validation of specially crafted inputs to NVIDIA Triton Inference Server to prevent stack buffer overflows leading to RCE, DoS, disclosure, or tampering.

SI-16 Memory Protection good match
prevent

Implements memory protection mechanisms like stack canaries, ASLR, and DEP to mitigate exploitation of stack buffer overflows even if invalid inputs are processed.

SI-2 Flaw Remediation good match
prevent

Mandates identification, reporting, and remediation of the specific stack buffer overflow flaw in NVIDIA Triton Inference Server via official patches.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Stack buffer overflow in public-facing NVIDIA Triton Inference Server directly enables remote unauthenticated RCE over the network (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure,…

more

and data tampering.

Deeper analysisAI

CVE-2025-23310 is a stack buffer overflow vulnerability (CWE-121) affecting NVIDIA Triton Inference Server on Windows and Linux platforms. The issue arises from specially crafted inputs that trigger the overflow, as detailed in the vulnerability description published on 2025-08-06.

With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability is exploitable remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Successful exploitation could result in remote code execution, denial of service, information disclosure, or data tampering on affected systems.

Mitigation guidance and patch details are available in official advisories, including NVIDIA's security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5687, the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2025-23310, and the CVE record at https://www.cve.org/CVERecord?id=CVE-2025-23310. Security practitioners should consult these resources for version-specific remediation steps.

Details

CWE(s)
CWE-121

Affected Products

nvidia
triton inference server
≤ 25.07

CVEs Like This One

CVE-2025-23311Same product: Linux Linux Kernel
CVE-2025-23318Same product: Linux Linux Kernel
CVE-2025-23317Same product: Linux Linux Kernel
CVE-2025-23319Same product: Linux Linux Kernel
CVE-2025-23316Same product: Linux Linux Kernel
CVE-2025-69273Same product: Linux Linux Kernel
CVE-2026-28710Same product: Linux Linux Kernel
CVE-2024-51954Same product: Linux Linux Kernel
CVE-2025-23243Same product: Linux Linux Kernel
CVE-2025-0502Same product: Linux Linux Kernel

References