Cyber Resilience

CVE-2025-23319

High

Published: 06 August 2025

Published
06 August 2025
Modified
12 August 2025
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0178 83.1th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23319 is a high-severity Buffer Access with Incorrect Length Value (CWE-805) vulnerability in Nvidia Triton Inference Server. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 16.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

NVIDIA Triton Inference Server for Windows and Linux is affected by CVE-2025-23319, a vulnerability in the Python backend that permits an out-of-bounds write triggered by a crafted request. The flaw is tracked under CWE-805 and CWE-787 and carries a CVSS 3.1 base score of 8.1 reflecting network attack vector, high attack complexity, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability.

An unauthenticated remote attacker can send a malicious request to the inference server and, if successful, obtain remote code execution, cause denial of service, tamper with data, or disclose sensitive information. The published EPSS score remains flat at 0.0178 with no material increase since disclosure.

Advisories and patch information are available from NVIDIA at https://nvidia.custhelp.com/app/answers/detail/a_id/5687 and from the NVD and CVE records linked in the references.

EU & UK References

Vulnerability details

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution, denial…

more

of service, data tampering, or information disclosure.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct remote exploitation of a network-exposed inference server via crafted request leading to RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-23318Same product: Linux Linux Kernel
CVE-2025-23310Same product: Linux Linux Kernel
CVE-2025-23311Same product: Linux Linux Kernel
CVE-2025-23317Same product: Linux Linux Kernel
CVE-2025-23316Same product: Linux Linux Kernel
CVE-2026-24208Same product: Linux Linux Kernel
CVE-2026-24206Same product: Linux Linux Kernel
CVE-2026-24207Same product: Linux Linux Kernel
CVE-2026-24209Same product: Linux Linux Kernel
CVE-2026-28710Same product: Linux Linux Kernel

Affected Assets

nvidia
triton inference server
≤ 25.07

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly mitigates CVE-2025-23319 by applying vendor patches to fix the out-of-bounds write in the Python backend.

prevent

Memory protection mechanisms like address space layout randomization and stack canaries prevent successful exploitation of the out-of-bounds write vulnerability.

prevent

Information input validation rejects specially crafted requests before they reach the vulnerable Python backend, reducing the risk of triggering the out-of-bounds write.

References