—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in NVIDIA Products

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

 

Severity Rating: High

Software Affected

NVIDIA AIStore’s  AuthN component versions prior to 3.31 for all platforms or OS

NVIDIA Triton Inference Server versions prior to 25.09 for Linux and Windows

NVIDIA NeMo Framework versions prior to 2.5.0 for all platforms or OS

NVIDIA Megatron LM versions prior to 0.14.0 for all platforms or OS

Overview

Multiple vulnerabilities have been reported in NVIDIA products which could allow an attacker to execute arbitrary code, gain elevated privileges, disclose sensitive information and cause denial of service (DoS) condition on the targeted system.

Target Audience:

All organizations and individuals using NVIDIA Products.

Impact Assessment:

Potential for remote code execution, privilege escalation, information disclosure, data tampering and or denial of service.

Risk Assessment:

High risk of full system compromise or unavailability of service.

Description

Multiple vulnerabilities have been reported in NVIDIA products.

Solution

Apply appropriate fixes as mentioned in NVIDIA Security Advisory:  

https://nvidia.custhelp.com/app/answers/detail/a_id/5712

https://nvidia.custhelp.com/app/answers/detail/a_id/5718

https://nvidia.custhelp.com/app/answers/detail/a_id/5723

https://nvidia.custhelp.com/app/answers/detail/a_id/5724

Vendor Information

NVIDIA

https://www.nvidia.com/en-in/

References

NVIDIA

https://nvidia.custhelp.com/app/answers/detail/a_id/5712

https://nvidia.custhelp.com/app/answers/detail/a_id/5718

https://nvidia.custhelp.com/app/answers/detail/a_id/5723

https://nvidia.custhelp.com/app/answers/detail/a_id/5724

CVE Name

CVE-2025-33186

CVE-2025-33185

CVE-2025-33202

CVE-2025-23361

CVE-2025-33178

CVE-2025-23357

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmkoUzsACgkQ3jCgcSdc

ys++qQ/9EnwXnu53mM+Jl65ygyK9i+cy2cl4hS7MgM1on4bX+rqjH7K9AXQHwVvi

GaSED8UA9oNcj8mNQj5x7H/AdFMkWAVojktdV21FnRx0GGunqunPKh5+L5RVxLrJ

gg2Egrqa1SY52R0T1qmzS9tUXnjTdkTnelWCQh3oe4f9a+hHBLc3zC5Nd2q3NSIb

jnNg6cRX8PCYBcwezlgOuU8iS17LeTAvSYAmHu6D/W0M9/1+03Ve2IqEiJuz/j4y

NGl7qxHyBxffA/Ai1A02SjsN5GDZfjG32neFljYB818aW082W0AR92IguT9+eHT9

JxjNxDTO7eNnle09FtjwGhByRc0xiph9XCu1ZYf+mfvgJrJjynw+JDBb5JW4IrW+

h2rjmCTmwUs49Qvu++zUHJrG8ctEJK9VLARxCHwIhFUXyjhFrvWyCq1GcG0T5Uws

OGmacLxIHKPTq3opSWIIELAs0LuITNUTOjEQXZxQM4E5x6EF/bOG0PuoCaiP/30Y

/UKyjW93WDhh2kMk524a024Vcw4XmMYt6zEmhUgQ/9lrxOCdSlY87WDCOY2AtXFD

SPd8MNoI3nEC9F2ayKKXVGInq/1oPh2X9k3zzgfY3gXRHTIini285IsQDbOt6DLu

EPALxnDdkME13YkmVMXmLIZ8xhiEfHqr40W5sH7KvngW6sfPQ4w=

=/MIP

—–END PGP SIGNATURE—–