CVE-2025-23319
Published: 06 August 2025
Summary
CVE-2025-23319 is a high-severity Buffer Access with Incorrect Length Value (CWE-805) vulnerability in Nvidia Triton Inference Server. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 16.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
NVIDIA Triton Inference Server for Windows and Linux is affected by CVE-2025-23319, a vulnerability in the Python backend that permits an out-of-bounds write triggered by a crafted request. The flaw is tracked under CWE-805 and CWE-787 and carries a CVSS 3.1 base score of 8.1 reflecting network attack vector, high attack complexity, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability.
An unauthenticated remote attacker can send a malicious request to the inference server and, if successful, obtain remote code execution, cause denial of service, tamper with data, or disclose sensitive information. The published EPSS score remains flat at 0.0178 with no material increase since disclosure.
Advisories and patch information are available from NVIDIA at https://nvidia.custhelp.com/app/answers/detail/a_id/5687 and from the NVD and CVE records linked in the references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23837
Vulnerability details
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution, denial…
more
of service, data tampering, or information disclosure.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct remote exploitation of a network-exposed inference server via crafted request leading to RCE.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Flaw remediation directly mitigates CVE-2025-23319 by applying vendor patches to fix the out-of-bounds write in the Python backend.
Memory protection mechanisms like address space layout randomization and stack canaries prevent successful exploitation of the out-of-bounds write vulnerability.
Information input validation rejects specially crafted requests before they reach the vulnerable Python backend, reducing the risk of triggering the out-of-bounds write.