CVE-2025-23318
Published: 06 August 2025
Summary
CVE-2025-23318 is a high-severity Buffer Access with Incorrect Length Value (CWE-805) vulnerability in NVIDIA Triton Inference Server. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 43.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 requires timely remediation of flaws like this out-of-bounds write vulnerability through patching, directly eliminating the root cause.
SI-16 implements memory protections such as DEP and ASLR, which make it harder to turn an out-of-bounds write into reliable code execution.
RA-5 vulnerability scanning identifies the presence of this specific CVE in Triton Inference Server, enabling prioritization for remediation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A remote out-of-bounds write in the Triton Inference Server Python backend could enable arbitrary code execution through exploitation of a public-facing network service (T1190).
NVD Description
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
Deeper analysis
CVE-2025-23318 affects the Python backend in NVIDIA Triton Inference Server for Windows and Linux platforms. The vulnerability enables an out-of-bounds write condition, which could potentially result in code execution, denial of service, data tampering, and information disclosure. It has a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and is linked to CWE-805 (Buffer Access with Incorrect Length Value) and CWE-787 (Out-of-bounds Write).
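As a worked check of the score above, the following minimal sketch recomputes the CVSS v3.1 base score from the vector string. The metric weights and the round-up rule are taken from the published CVSS v3.1 specification; the function names (`roundup`, `base_score`) are illustrative choices, not part of any official tool, and the sketch covers base metrics only.

```python
import math

# Metric weights from the CVSS v3.1 specification (base metrics only).
AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}
AC = {"L": 0.77, "H": 0.44}
UI = {"N": 0.85, "R": 0.62}
CIA = {"H": 0.56, "L": 0.22, "N": 0.0}
PR_UNCHANGED = {"N": 0.85, "L": 0.62, "H": 0.27}
PR_CHANGED = {"N": 0.85, "L": 0.68, "H": 0.5}


def roundup(value):
    """Round up to one decimal place using the integer method from the spec."""
    scaled = round(value * 100000)
    if scaled % 10000 == 0:
        return scaled / 100000.0
    return (math.floor(scaled / 10000) + 1) / 10.0


def base_score(vector):
    """Compute the CVSS v3.1 base score for a vector string."""
    parts = vector.split("/")
    if parts[0].startswith("CVSS:"):
        parts = parts[1:]  # drop an optional "CVSS:3.1" prefix
    m = dict(p.split(":") for p in parts)

    changed = m["S"] == "C"
    pr = (PR_CHANGED if changed else PR_UNCHANGED)[m["PR"]]

    # Impact sub-score
    iss = 1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]])
    if changed:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    else:
        impact = 6.42 * iss

    # Exploitability sub-score
    exploitability = 8.22 * AV[m["AV"]] * AC[m["AC"]] * pr * UI[m["UI"]]

    if impact <= 0:
        return 0.0
    total = impact + exploitability
    if changed:
        total *= 1.08
    return roundup(min(total, 10))


print(base_score("AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"))  # 8.1
```

With this vector, the impact sub-score is about 5.87 and the exploitability sub-score about 2.22; the high attack complexity (AC:H) is what keeps the total at 8.1 rather than the 9.8 the same vector would receive with AC:L.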
A remote attacker who needs no privileges and no user interaction can exploit this vulnerability over the network, although the attack complexity is high. Successful exploitation has a high impact on confidentiality, integrity, and availability: it can allow arbitrary code execution, service disruption, data modification, or exposure of sensitive information on the targeted Triton Inference Server instance.
Mitigation guidance is available in official advisories, including the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5687 and the NVD detail page at https://nvd.nist.gov/vuln/detail/CVE-2025-23318. Security practitioners should consult these for patch availability and recommended actions.
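For teams that track advisories programmatically, the NVD record can also be retrieved as JSON. The sketch below assumes the public NVD CVE API 2.0 endpoint and its documented response layout (`vulnerabilities[].cve.metrics.cvssMetricV31[].cvssData`); the helper names `nvd_url`, `fetch_record`, and `summarize` are hypothetical, and the field paths should be confirmed against the current NVD API documentation before relying on them.

```python
import json
import urllib.parse
import urllib.request

# Assumed endpoint: the public NVD CVE API 2.0.
NVD_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"


def nvd_url(cve_id):
    """Build the query URL for a single CVE ID."""
    return NVD_API + "?" + urllib.parse.urlencode({"cveId": cve_id})


def fetch_record(cve_id, timeout=30):
    """Download the raw JSON payload (needs network access; NVD rate limits apply)."""
    with urllib.request.urlopen(nvd_url(cve_id), timeout=timeout) as resp:
        return json.load(resp)


def summarize(payload):
    """Extract the ID, CVSS v3.1 base scores, and CWE IDs from a payload."""
    items = payload.get("vulnerabilities", [])
    if not items:
        return None
    cve = items[0]["cve"]
    metrics = cve.get("metrics", {}).get("cvssMetricV31", [])
    cwes = sorted(
        {
            desc["value"]
            for weakness in cve.get("weaknesses", [])
            for desc in weakness.get("description", [])
        }
    )
    return {
        "id": cve["id"],
        "scores": [m["cvssData"]["baseScore"] for m in metrics],
        "cwes": cwes,
    }


# Example usage (performs a live request, so it is left commented out):
# print(summarize(fetch_record("CVE-2025-23318")))
```

The parsing step is kept separate from the network call so that it can be exercised against a saved payload. Patch availability itself still has to come from the NVIDIA bulletin, which this sketch does not parse.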
Details
- CWE(s)