CVE-2025-23311
Published: 06 August 2025
Summary
CVE-2025-23311 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Nvidia Triton Inference Server. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 21.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly requires identification, reporting, and timely remediation of the stack-based buffer overflow flaw in NVIDIA Triton Inference Server via patching.
- Mandates validation of HTTP request inputs to block specially crafted requests that trigger the stack overflow vulnerability.
- Implements memory protection mechanisms such as stack canaries, ASLR, and non-executable stacks to mitigate exploitation of the stack overflow for RCE or data tampering.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stack-based buffer overflow in public-facing Triton Inference Server triggered by crafted HTTP requests directly enables remote code execution via T1190 Exploit Public-Facing Application.
NVD Description
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering.
Deeper analysis
CVE-2025-23311 is a stack-based buffer overflow vulnerability (CWE-121) in NVIDIA Triton Inference Server. The flaw arises from specially crafted HTTP requests that can trigger the overflow, affecting the server's ability to process inference workloads securely. Published on August 6, 2025, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical.
Attackers need only network access to the affected Triton Inference Server instance: no privileges or user interaction are required, and attack complexity is low. Successful exploitation could enable remote code execution, denial of service, information disclosure, or data tampering, potentially compromising the host system running the server.
Mitigation guidance is available in the official NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5687, along with details in the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2025-23311 and the CVE record at https://www.cve.org/CVERecord?id=CVE-2025-23311. Security practitioners should review these for patching instructions and workarounds.
Details
- CWE(s)