Cyber Resilience

CVE-2025-23317

Critical

Published: 06 August 2025

Modified: 12 August 2025
CVSS Score v3.1: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0488 (89.8th percentile)
Risk Priority: 21 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-23317 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Nvidia Triton Inference Server. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 10.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

NVIDIA Triton Inference Server is affected by a vulnerability in its HTTP server component, tracked as CVE-2025-23317 and assigned CWE-122. The flaw permits an attacker to initiate a reverse shell through a specially crafted HTTP request, which can result in remote code execution, denial of service, data tampering, or information disclosure. The issue carries a CVSS v3.1 score of 9.1, reflecting network attack vector, low complexity, and no required privileges or user interaction.

Unauthenticated remote attackers can exploit the vulnerability over the network by submitting the malicious request to the HTTP server interface. Successful exploitation grants the ability to execute arbitrary code, disrupt service availability, modify data, or access sensitive information on the affected inference server instance.

The EPSS score has remained low: it currently stands at 0.0488, against a peak of 0.0572, with no indication of significant exploitation interest after disclosure.

Vulnerability details

NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Heap buffer overflow in public-facing HTTP server component allows unauthenticated network attackers to trigger RCE (via reverse shell) with no privileges or user interaction, directly mapping to exploitation of internet-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-23310 Same product: Linux Linux Kernel
CVE-2025-23311 Same product: Linux Linux Kernel
CVE-2025-23319 Same product: Linux Linux Kernel
CVE-2025-23318 Same product: Linux Linux Kernel
CVE-2025-23316 Same product: Linux Linux Kernel
CVE-2026-8834 Same product: Linux Linux Kernel
CVE-2026-24208 Same product: Linux Linux Kernel
CVE-2026-24206 Same product: Linux Linux Kernel
CVE-2026-24207 Same product: Linux Linux Kernel
CVE-2026-24209 Same product: Linux Linux Kernel

Affected Assets

nvidia
triton inference server
≤ 25.07

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly addresses the heap-based buffer overflow by applying vendor patches to the NVIDIA Triton Inference Server HTTP component.

prevent

Information input validation on HTTP requests prevents specially crafted inputs from triggering the buffer overflow leading to reverse shell.

prevent

Boundary protection with firewalls or WAFs restricts network access to the vulnerable HTTP endpoint and filters malicious requests.

References