CVE-2025-23319
Published: 06 August 2025
Summary
CVE-2025-23319 is a high-severity Buffer Access with Incorrect Length Value (CWE-805) vulnerability in NVIDIA Triton Inference Server. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 21.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): applying the vendor patches directly mitigates CVE-2025-23319 by fixing the out-of-bounds write in the Python backend.
SI-16 (Memory Protection): mechanisms such as address space layout randomization and stack canaries make the out-of-bounds write harder to exploit successfully, although they do not remove the underlying flaw.
SI-10 (Information Input Validation): rejecting specially crafted requests before they reach the vulnerable Python backend reduces the risk of triggering the out-of-bounds write.
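As an illustration of the input-validation control, the sketch below checks that a tensor's declared shape and datatype agree with the number of bytes actually supplied before the request is forwarded. It is a generic length-consistency check in the spirit of CWE-805, not a description of the actual flaw or of NVIDIA's fix. The function name `validate_tensor`, the `MAX_TENSOR_BYTES` limit, and the idea of running this in a gateway in front of the server are all assumptions made for the example; the datatype names mirror those used by the KServe v2 inference protocol.

```python
from math import prod

# Byte widths for a few fixed-size datatypes (illustrative subset).
DTYPE_SIZES = {
    "BOOL": 1, "INT8": 1, "UINT8": 1,
    "INT16": 2, "FP16": 2,
    "INT32": 4, "FP32": 4,
    "INT64": 8, "FP64": 8,
}

# Assumed per-tensor ceiling; a real deployment would tune this value.
MAX_TENSOR_BYTES = 64 * 1024 * 1024


def validate_tensor(datatype, shape, payload):
    """Hypothetical pre-check: return None if consistent, else a reason string."""
    size = DTYPE_SIZES.get(datatype)
    if size is None:
        return f"unsupported datatype {datatype!r}"
    # Every dimension must be a positive int (bool is excluded explicitly).
    if not shape or any(
        isinstance(d, bool) or not isinstance(d, int) or d <= 0 for d in shape
    ):
        return "shape must be a non-empty list of positive integers"
    expected = prod(shape) * size
    if expected > MAX_TENSOR_BYTES:
        return f"declared size {expected} exceeds limit {MAX_TENSOR_BYTES}"
    if expected != len(payload):
        return f"declared size {expected} != payload size {len(payload)}"
    return None


if __name__ == "__main__":
    print(validate_tensor("FP32", [2, 3], bytes(24)))  # consistent request
    print(validate_tensor("FP32", [2, 3], bytes(20)))  # length mismatch
```

A check like this only narrows the set of requests that reach the backend; it complements patching and does not replace it.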
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct remote exploitation of a network-exposed inference server via a crafted request, potentially leading to remote code execution.
NVD Description
NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.
Deeper analysis
CVE-2025-23319 is a vulnerability in the Python backend of NVIDIA Triton Inference Server for Windows and Linux platforms. It allows an attacker to trigger an out-of-bounds write by sending a specially crafted request to the server. The issue is rated with a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-805 (Buffer Access with Incorrect Length Value) and CWE-787 (Out-of-bounds Write). The vulnerability was published on 2025-08-06.
A remote, unauthenticated attacker with network access to the Triton Inference Server can exploit this flaw, though it requires high attack complexity and no user interaction. Successful exploitation could result in remote code execution, denial of service, data tampering, or information disclosure, with high impacts on confidentiality, integrity, and availability within the unchanged security scope.
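The 8.1 base score can be reproduced from the vector string with the CVSS v3.1 base-score equations. The sketch below is a minimal calculator covering base metrics only (no temporal or environmental metrics); the function names `roundup` and `base_score` are chosen for this example, and the metric weights are those published in the CVSS v3.1 specification.

```python
import math

# Metric weights from the CVSS v3.1 specification (base metrics only).
WEIGHTS = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2},
    "AC": {"L": 0.77, "H": 0.44},
    "UI": {"N": 0.85, "R": 0.62},
    "C": {"H": 0.56, "L": 0.22, "N": 0.0},
    "I": {"H": 0.56, "L": 0.22, "N": 0.0},
    "A": {"H": 0.56, "L": 0.22, "N": 0.0},
}
# Privileges Required depends on whether the scope changes.
PR_UNCHANGED = {"N": 0.85, "L": 0.62, "H": 0.27}
PR_CHANGED = {"N": 0.85, "L": 0.68, "H": 0.5}


def roundup(x):
    """Round up to one decimal place, as defined in the v3.1 specification."""
    i = int(round(x * 100000))
    if i % 10000 == 0:
        return i / 100000.0
    return (math.floor(i / 10000) + 1) / 10.0


def base_score(vector):
    """Compute the CVSS v3.1 base score for a vector string."""
    m = dict(part.split(":", 1) for part in vector.split("/"))
    m.pop("CVSS", None)  # tolerate an optional "CVSS:3.1" prefix
    changed = m["S"] == "C"
    pr = (PR_CHANGED if changed else PR_UNCHANGED)[m["PR"]]
    iss = 1 - (
        (1 - WEIGHTS["C"][m["C"]])
        * (1 - WEIGHTS["I"][m["I"]])
        * (1 - WEIGHTS["A"][m["A"]])
    )
    if changed:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    else:
        impact = 6.42 * iss
    exploitability = (
        8.22 * WEIGHTS["AV"][m["AV"]] * WEIGHTS["AC"][m["AC"]]
        * pr * WEIGHTS["UI"][m["UI"]]
    )
    if impact <= 0:
        return 0.0
    total = impact + exploitability
    if changed:
        total *= 1.08
    return roundup(min(total, 10))


if __name__ == "__main__":
    print(base_score("AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"))  # 8.1
```

For this vector the impact sub-score is about 5.87 and the exploitability sub-score about 2.22. The high attack complexity (AC:H) is what keeps the total at 8.1; the same vector with AC:L scores 9.8.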
Mitigation guidance is available in official advisories, including the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5687, the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2025-23319, and the CVE record at https://www.cve.org/CVERecord?id=CVE-2025-23319. Security practitioners should consult these resources for patching instructions and workarounds specific to affected Triton Inference Server versions.
Details
- CWE(s)