A newly disclosed set of security flaws in NVIDIA’s Triton Inference Server for Home windows and Linux, an open-source platform for working synthetic intelligence (AI) fashions at scale, may very well be exploited to take over prone servers.
“When chained collectively, these flaws can doubtlessly enable a distant, unauthenticated attacker to realize full management of the server, attaining distant code execution (RCE),” Wiz researchers Ronen Shustin and Nir Ohfeld mentioned in a report printed right now.
The vulnerabilities are listed under –
- CVE-2025-23319 (CVSS rating: 8.1) – A vulnerability within the Python backend, the place an attacker may trigger an out-of-bounds write by sending a request
- CVE-2025-23320 (CVSS rating: 7.5) – A vulnerability within the Python backend, the place an attacker may trigger the shared reminiscence restrict to be exceeded by sending a really massive request
- CVE-2025-23334 (CVSS rating: 5.9) – A vulnerability within the Python backend, the place an attacker may trigger an out-of-bounds learn by sending a request
Profitable exploitation of the aforementioned vulnerabilities may lead to info disclosure, in addition to distant code execution, denial of service, knowledge tampering within the case of CVE-2025-23319. The problems have been addressed in model 25.07.
The cloud security firm mentioned the three shortcomings may very well be mixed collectively that transforms the issue from an info leak to a full system compromise with out requiring any credentials.
Particularly, the issues are rooted within the Python backend that is designed to deal with inference requests for Python fashions from any main AI frameworks comparable to PyTorch and TensorFlow.
Within the assault outlined by Wiz, a menace actor may exploit CVE-2025-23320 to leak the complete, distinctive title of the backend’s inner IPC shared reminiscence area, a key that ought to have remained personal, after which leverage the remaining two flaws to realize full management of the inference server.
“This poses a essential danger to organizations utilizing Triton for AI/ML, as a profitable assault may result in the theft of useful AI fashions, publicity of delicate knowledge, manipulating the AI mannequin’s responses, and a foothold for attackers to maneuver deeper right into a community,” the researchers mentioned.
NVIDIA’s August bulletin for Triton Inference Server additionally highlights fixes for 3 essential bugs (CVE-2025-23310, CVE-2025-23311, and CVE-2025-23317) that, if efficiently exploited, may lead to distant code execution, denial of service, info disclosure, and knowledge tampering.
Whereas there isn’t a proof that any of those vulnerabilities have been exploited within the wild, customers are suggested to use the most recent updates for optimum safety.
