CVE-2025-23268

CWE-20 — Improper Input Validation4 documents4 sources

Severity

9.8CRITICAL

EPSS

0.1%

top 65.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Triton Inference Server

Timeline

PublishedSep 17

Latest updateApr 6

Description

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper input validation issue. A successful exploit of this vulnerability may lead to code execution.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.3 | Impact: 6.0

Affected Packages2 packages

▶NVDnvidia/triton_inference_server< 25.07

▶CVEListV5nvidia/triton_inference_serverAll versions prior to 25.07

🔴Vulnerability Details

OSV

linux-oem-6.17 vulnerabilities↗2026-04-06

▶

GHSA

GHSA-hmf3-jm6w-7cf3: NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper input validation issue↗2025-09-18

▶

CVEList

CVE-2025-23268: NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper input validation issue↗2025-09-17

▶