CVE-2025-23275

CWE-787Out-of-bounds Write5 documents5 sources
Severity
7.1HIGH
EPSS
0.0%
top 97.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Nvidia Cuda ToolkitNvidia Nvidia Cuda ToolkitNvidia Nvjpeg
Timeline
PublishedSep 24

Description

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. A successful exploit of this vulnerability may lead to denial of service and information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:LExploitability: 0.8 | Impact: 3.4

Affected Packages3 packages

NVDnvidia/cuda_toolkit< 13.0.0
CVEListV5nvidia/nvidia_cuda_toolkitAll versions prior to CUDA Toolkit 13.0
CVEListV5nvidia/nvjpegAll versions prior to nvJPEG 13.0.0

🔴Vulnerability Details

3
OSV
CVE-2025-23275: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by provi2025-09-24
CVEList
CVE-2025-23275: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by provi2025-09-24
GHSA
GHSA-rrw2-mp24-c2pg: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by provi2025-09-24

📋Vendor Advisories

1
Debian
CVE-2025-23275: nvidia-cuda-toolkit - NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a...2025
CVE-2025-23275 (HIGH CVSS 7.1) | NVIDIA CUDA Toolkit for all platfor | cvebase.io