CVE-2025-23317
Published: 06 August 2025
Summary
CVE-2025-23317 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in NVIDIA Triton Inference Server. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 10.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
NVIDIA Triton Inference Server is affected by a vulnerability in its HTTP server component, tracked as CVE-2025-23317 and assigned CWE-122. The flaw permits an attacker to initiate a reverse shell through a specially crafted HTTP request, which can result in remote code execution, denial of service, data tampering, or information disclosure. The issue carries a CVSS v3.1 score of 9.1, reflecting network attack vector, low complexity, and no required privileges or user interaction.
Unauthenticated remote attackers can exploit the vulnerability over the network by submitting the malicious request to the HTTP server interface. Successful exploitation grants the ability to execute arbitrary code, disrupt service availability, modify data, or access sensitive information on the affected inference server instance.
The EPSS score has remained low: it currently stands at 0.0488 and peaked at 0.0572, with no indication of significant exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23839
Vulnerability details
NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Heap buffer overflow in public-facing HTTP server component allows unauthenticated network attackers to trigger RCE (via reverse shell) with no privileges or user interaction, directly mapping to exploitation of internet-facing applications.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Flaw remediation directly addresses the heap-based buffer overflow by applying vendor patches to the NVIDIA Triton Inference Server HTTP component.
Information input validation on HTTP requests prevents specially crafted inputs from triggering the buffer overflow leading to reverse shell.
Boundary protection with firewalls or WAFs restricts network access to the vulnerable HTTP endpoint and filters malicious requests.