CVE Daily
← All tags

Tag: NVIDIA Driver

All CVEs associated with "NVIDIA Driver". Page 2/9 • 1025 CVEs.

Subscribe CVEs: RSS for “NVIDIA Driver”  ·  RSS (High+Critical only)

About “NVIDIA Driver”

A curated feed of “NVIDIA Driver”-related CVEs appears below. We currently track 1025 CVEs for this tag (all time). In the last 365 days, 251 were published. Average CVSS is 6.8 (all time; 7.0 over 365d), and 60% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-502 - Deserialization of Untrusted Data, CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-125 - Out-of-bounds Read.

In our taxonomy this topic maps to a LOW impact class. Drivers and firmware affect stability and security. Update firmware or drivers, plan reboots, and validate compatibility on pilot groups first. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-11-25
Low

CVE-2025-33200

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosur…

CVSS: 2.3 CWE: CWE-226 - Sensitive Information in Resource Not Removed Before Reuse View on NVD
Low

CVE-2025-33199

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tamperin…

CVSS: 3.2 CWE: CWE-670 - Always-Incorrect Control Flow Implementation View on NVD
Low

CVE-2025-33198

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosur…

CVSS: 3.3 CWE: CWE-226 - Sensitive Information in Resource Not Removed Before Reuse View on NVD
Medium

CVE-2025-33197

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. A successful exploit of this vulnerability might lead to denial of service.

CVSS: 4.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2025-33196

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosur…

CVSS: 4.4 CWE: CWE-226 - Sensitive Information in Resource Not Removed Before Reuse View on NVD
Medium

CVE-2025-33195

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations. A successful exploit of this vulnerability might lead to data tamp…

CVSS: 4.4 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2025-33194

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information…

CVSS: 5.7 CWE: CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize View on NVD
Medium

CVE-2025-33193

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper validation of integrity. A successful exploit of this vulnerability might lead to information…

CVSS: 5.7 CWE: CWE-354 - Improper Validation of Integrity Check Value View on NVD
Medium

CVE-2025-33192

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service.

CVSS: 5.7 CWE: CWE-690 - Unchecked Return Value to NULL Pointer Dereference View on NVD
Medium

CVE-2025-33191

NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read. A successful exploit of this vulnerability might lead to denial of service.

CVSS: 5.7 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2025-33190

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tam…

CVSS: 6.7 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2025-33189

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data ta…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2025-33188

NVIDIA DGX Spark GB10 contains a vulnerability in hardware resources where an attacker could tamper with hardware controls. A successful exploit of this vulnerability might lead to information disclo…

CVSS: 8.0 CWE: CWE-269 - Improper Privilege Management View on NVD
Critical

CVE-2025-33187

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to…

CVSS: 9.3 CWE: CWE-269 - Improper Privilege Management View on NVD
2025-11-18
High

CVE-2025-33184

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to cod…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-33183

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to cod…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2025-11-11
Medium

CVE-2025-33202

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack overflow by sending extra-large payloads. A successful exploit of this vulnerabilit…

CVSS: 6.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2025-33186

NVIDIA AIStore contains a vulnerability in AuthN. A successful exploit of this vulnerability might lead to escalation of privileges, information disclosure, and data tampering.

CVSS: 8.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Medium

CVE-2025-33185

NVIDIA AIStore contains a vulnerability in AuthN where an unauthenticated user may cause information disclosure.  A successful exploit of this vulnerability may lead to information disclosure.

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-33178

NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vu…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-23361

NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-23357

NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2025-11-04
Medium

CVE-2025-33176

NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. A successful exploit of this vulnerability…

CVSS: 6.2 CWE: CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints View on NVD
High

CVE-2025-23358

NVIDIA NVApp for Windows contains a vulnerability in the installer, where a local attacker can cause a search path element issue. A successful exploit of this vulnerability might lead to code executi…

CVSS: 8.2 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2025-10-23
High

CVE-2025-23352

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this vulnerability might lead to co…

CVSS: 7.8 CWE: CWE-824 - Access of Uninitialized Pointer View on NVD
High

CVE-2025-23347

NVIDIA Project G-Assist contains a vulnerability where an attacker might be able to escalate permissions. A successful exploit of this vulnerability might lead to code execution, escalation of privil…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2025-23345

NVIDIA Display Driver for Windows and Linux contains a vulnerability in a video decoder, where an attacker might cause an out-of-bounds read. A successful exploit of this vulnerability might lead to…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2025-23332

NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where an attacker might be able to trigger a null pointer deference. A successful exploit of this vulnerability might lead…

CVSS: 5.0 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2025-23330

NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to trigger a null pointer dereference. A successful exploit of this vulnerability might lead to denial of serv…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2025-23300

NVIDIA Display Driver for Linux contains a vulnerability in the kernel driver, where a user could cause a null pointer dereference by allocating a specific memory resource. A successful exploit of th…

CVSS: 5.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2025-10-22
Medium

CVE-2025-23299

NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code.

CVSS: 6.7 CWE: CWE-787 - Out-of-bounds Write View on NVD
2025-10-14
Medium

CVE-2025-33177

NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of memory allocations could allow a local attacker to cause memory overallocation. A successful exploitation o…

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2025-33182

NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A successful exploitation of this vulnera…

CVSS: 7.6 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2025-23356

NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, informati…

CVSS: 8.4 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2025-10-10
High

CVE-2025-23309

NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering.

CVSS: 8.2 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2025-23282

NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code…

CVSS: 7.0 CWE: CWE-415 - Double Free View on NVD
High

CVE-2025-23280

NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalation of privile…

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
2025-10-01
Medium

CVE-2025-23355

NVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL highjacking attack. A successful exploit of this vulnerability may lead to code e…

CVSS: 6.7 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2025-23297

NVIDIA Installer for NvAPP for Windows contains a vulnerability in the FrameviewSDK installation process, where an attacker with local unprivileged access could modify files in the Frameview SDK dire…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2023-53525

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Allow UD qp_type to join multicast only As for multicast: - The SIDR is the only mode that makes sense; - Besides PS_UD…

CVSS: 5.5 CWE: CWE-908 - Use of Uninitialized Resource View on NVD
2025-09-30
High

CVE-2025-23293

NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to i…

CVSS: 8.7 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2025-23292

NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability…

CVSS: 4.6 CWE: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic View on NVD
Low

CVE-2025-23291

NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to i…

CVSS: 2.4 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
2025-09-24
High

CVE-2025-23354

NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnera…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-23353

NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnera…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-23349

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-23348

NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vu…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Low

CVE-2025-23346

NVIDIA CUDA Toolkit contains a vulnerability in cuobjdump, where an unprivileged user can cause a NULL pointer dereference. A successful exploit of this vulnerability may lead to a limited denial of…

CVSS: 3.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Low

CVE-2025-23340

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of…

CVSS: 3.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Low

CVE-2025-23339

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on a malicious ELF file. A s…

CVSS: 3.3 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Low

CVE-2025-23338

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious ELF file. A successful exploit of this vuln…

CVSS: 3.3 CWE: CWE-129 - Improper Validation of Array Index View on NVD
Low

CVE-2025-23308

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. A succ…

CVSS: 3.3 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2025-23275

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. A successful expl…

CVSS: 4.2 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2025-23274

NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image with dimensions that cause integer overflows in arr…

CVSS: 4.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Low

CVE-2025-23273

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a divide by zero error by submitting a specially crafted JPEG file. A successful ex…

CVSS: 2.5 CWE: CWE-369 - Divide By Zero View on NVD
Medium

CVE-2025-23272

NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to in…

CVSS: 5.7 CWE: CWE-125 - Out-of-bounds Read View on NVD
Low

CVE-2025-23271

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of…

CVSS: 3.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Low

CVE-2025-23255

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary where a user may cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit…

CVSS: 3.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Low

CVE-2025-23248

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to nvdisasm. A successful exploit of…

CVSS: 3.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
2025-09-18
High

CVE-2023-53395

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer ACPICA commit 90310989a0790032f5a0140741ff09b545af4bc5 According to the ACPI sp…

CVSS: 7.8 CWE: CWE-129 - Improper Validation of Array Index View on NVD
Medium

CVE-2023-53383

In the Linux kernel, the following vulnerability has been resolved: irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 The T241 platform suffers from the T241-FABRIC-4 erratum which causes…

CVSS: 5.5 CWE: N/A View on NVD
2025-09-17
Medium

CVE-2025-23337

NVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an admi…

CVSS: 6.7 CWE: CWE-1244 - Internal Asset Exposed to Unsafe Debug Access Level or State View on NVD
Medium

CVE-2025-23336

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause a denial of service by loading a misconfigured model. A successful exploit of this vulnerab…

CVSS: 4.4 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2025-23329

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corruption by identifying and accessing the shared memory region used by the Python…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2025-23328

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write through a specially crafted input. A successful exploit of this vuln…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2025-23316

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execution by manipulating the model name parameter in…

CVSS: 9.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2025-23268

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper input validation issue. A successful exploit of this vulnerability may lead to code…

CVSS: 8.0 CWE: CWE-20 - Improper Input Validation View on NVD
2025-09-15
High

CVE-2023-53253

In the Linux kernel, the following vulnerability has been resolved: HID: nvidia-shield: Reference hid_device devm allocation of input_dev name Use hid_device for devm allocation of the input_dev na…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2025-09-09
High

CVE-2025-23344

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to run code on the platform host as a non-privileged user. A successful exploit of this vulnerability may lead to code executi…

CVSS: 7.3 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2025-23343

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to write files to restricted components. A successful exploit of this vulnerability may lead to information disclosure, denial…

CVSS: 7.6 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2025-23342

The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to a privileged account . A successful exploit of this vulnerability may lead to code execution, denial of serv…

CVSS: 8.2 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
2025-09-04
Medium

CVE-2025-23302

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to…

CVSS: 4.2 CWE: CWE-1244 - Internal Asset Exposed to Unsafe Debug Access Level or State View on NVD
Medium

CVE-2025-23301

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to…

CVSS: 4.2 CWE: CWE-1244 - Internal Asset Exposed to Unsafe Debug Access Level or State View on NVD
Medium

CVE-2025-23262

NVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this…

CVSS: 6.3 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2025-23261

NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users.

CVSS: 5.5 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Medium

CVE-2025-23259

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver (PMD), where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network int…

CVSS: 6.5 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2025-23258

NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that could allow an attacker with low privileges to escalate privileges. A successful exploit of this vulnerabi…

CVSS: 7.3 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2025-23257

NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an actor with low privileges to escalate privileges. A successful exploit of this vulnerability might le…

CVSS: 7.3 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2025-23256

NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of thi…

CVSS: 8.7 CWE: CWE-863 - Incorrect Authorization View on NVD
2025-08-26
High

CVE-2025-23315

NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue. A successful explo…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-23314

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vul…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-23313

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful exploit of this vul…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-23312

NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful exploit of…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-23307

NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by an attacker could allow code injection. A successful exploit of this vulnerability might lead to code…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2025-08-13
High

CVE-2025-23306

NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/ arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A s…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-23305

NVIDIA Megatron-LM for all platforms contains a vulnerability in the tools component, where an attacker may exploit a code injection issue. A successful exploit of this vulnerability may lead to code…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-23304

NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A…

CVSS: 7.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2025-23303

NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability migh…

CVSS: 7.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2025-23298

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability migh…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-23296

NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-23295

NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerabi…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-23294

NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalat…

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2025-08-06
Medium

CVE-2025-23335

NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific inpu…

CVSS: 4.4 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2025-23334

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of…

CVSS: 5.9 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2025-23333

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. A successf…

CVSS: 5.9 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-23331

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an…

CVSS: 7.5 CWE: CWE-789 - Memory Allocation with Excessive Size Value View on NVD
High

CVE-2025-23327

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. A successful exploit of this vulnerab…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2025-23326

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. A successful exploit of this vulnera…

CVSS: 7.5 CWE: CWE-680 - Integer Overflow to Buffer Overflow View on NVD
High

CVE-2025-23325

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. A successful exploit of this vuln…

CVSS: 7.5 CWE: CWE-674 - Uncontrolled Recursion View on NVD
High

CVE-2025-23324

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid req…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2025-23323

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid requ…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2025-23322

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. A successful exploit…

CVSS: 7.5 CWE: CWE-415 - Double Free View on NVD
High

CVE-2025-23321

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid request. A successful exploit of this vulnerability…

CVSS: 7.5 CWE: CWE-369 - Divide By Zero View on NVD
High

CVE-2025-23320

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large reque…

CVSS: 7.5 CWE: CWE-209 - Generation of Error Message Containing Sensitive Information View on NVD
High

CVE-2025-23319

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of…

CVSS: 8.1 CWE: CWE-805 - Buffer Access with Incorrect Length Value View on NVD
High

CVE-2025-23318

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability m…

CVSS: 8.1 CWE: CWE-805 - Buffer Access with Incorrect Length Value View on NVD
Critical

CVE-2025-23317

NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vul…

CVSS: 9.1 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Critical

CVE-2025-23311

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead t…

CVSS: 9.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Critical

CVE-2025-23310

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerabili…

CVSS: 9.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2025-08-02
Low

CVE-2025-23290

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. A successful exploit of this vulnera…

CVSS: 2.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2025-23285

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where it allows a guest to access global resources. A successful exploit of this vulnerability might lead to denial of servic…

CVSS: 5.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2025-23284

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. A successful exploit of this vulnerability might lead to code ex…

CVSS: 7.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Low

CVE-2025-23288

NVIDIA GPU Display Driver for Windows contains a vulnerability  where an attacker may cause an exposure of sensitive system information with local unprivileged system access. A successful exploit of…

CVSS: 3.3 CWE: CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere View on NVD
Low

CVE-2025-23287

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may access sensitive system-level information. A successful exploit of this vulnerability may lead to Information disc…

CVSS: 3.3 CWE: CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere View on NVD
Medium

CVE-2025-23286

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where an attacker could read invalid memory. A successful exploit of this vulnerability might lead to information disclosure.

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2025-23283

NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerabi…

CVSS: 7.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2025-23281

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker with local unprivileged access that can win a race condition might be able to trigger a use-after-free error. A succes…

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2025-23279

NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race condition to escalate privileges. A successful exploit of this vulnerability might lead to code…

CVSS: 7.0 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2025-23278

NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of this…

CVSS: 7.1 CWE: CWE-129 - Improper Validation of Array Index View on NVD
High

CVE-2025-23277

NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A successful exp…

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD