CVE-2025-23292

CWE-943Improper Neutralization of Special Elements in Data Query Logic3 documents3 sources
Severity
4.6MEDIUM
EPSS
0.0%
top 97.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nvidia DLS Component OF Nvidia License System
Timeline
PublishedSep 30

Description

NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service (UI component).

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:LExploitability: 0.4 | Impact: 4.2

Affected Packages1 packages

CVEListV5nvidia/dls_component_of_nvidia_license_systemAll versions prior to v3.5.1 and v3.1.7

🔴Vulnerability Details

2
CVEList
CVE-2025-23292: NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized a2025-09-30
GHSA
GHSA-cv3h-v6fc-4549: NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized a2025-09-30
CVE-2025-23292 (MEDIUM CVSS 4.6) | NVIDIA Delegated Licensing Service | cvebase.io