—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in NVIDIA Triton Inference Server 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

NVIDIA Triton Inference Server versions prior to 25.07 for Windows and Linux

Overview

Multiple vulnerabilities have been reported in NVIDIA Triton Inference Server, which could allow a remote attacker to execute arbitrary code, cause denial of service, or disclose sensitive information on the affected system.

Target Audience:

All individual and organisational users deploying NVIDIA Triton Inference Server.

Risk Assessment:

High risk of remote code execution, denial of service, and information disclosure.

Impact Assessment:

Potential for unauthorised access, escalation of privileges, data theft, denial of service, and complete server compromise.

Description

NVIDIA Triton Inference Server is an open-source software platform that facilitates scalable and efficient AI model inference across multiple frameworks, models, and GPUs.

Multiple vulnerabilities affecting core components and backends have been identified in NVIDIA Triton Inference Server. An attacker could exploit these vulnerabilities by sending specially crafted inputs or HTTP requests to the server.

Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, cause denial of service, or disclose sensitive information on the affected system.

Solution

Apply appropriate updates as mentioned by the vendor:

https://nvidia.custhelp.com/app/answers/detail/a_id/5687

Vendor Information

NVIDIA

https://nvidia.custhelp.com/app/answers/detail/a_id/5687

References

NVIDIA

https://nvidia.custhelp.com/app/answers/detail/a_id/5687

CVE Name

CVE-2025-23310

CVE-2025-23311

CVE-2025-23317

CVE-2025-23318

CVE-2025-23319

CVE-2025-23320

CVE-2025-23321

CVE-2025-23322

CVE-2025-23323

CVE-2025-23324

CVE-2025-23325

CVE-2025-23326

CVE-2025-23327

CVE-2025-23331

CVE-2025-23333

CVE-2025-23334

CVE-2025-23335

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmiWBXEACgkQ3jCgcSdc

ys+4mA/9G5HcM+yubT1xG3kQS1vEuGGV91+X/zx9oX/tV5EYSN3+oEItWsYb6xUY

ofxJxriWs5aMuSHUG9/eJ4pBVoFDiP2lyRD0ADsW68SDA6FrhgtvsX3bHZJUqzam

/cBmygqPHXwP0QxNM0I+XHe5lChIf0E/nOM0XtT2u4ek/Jpcuxc16SYrOYslkBCR

URpHdUPFIwrh5fEvPT6YFc26GQX/om4eXedYS2FAak2WJDXZBr0MWdbjR/JyeVw4

SB6Y9Mt8cwxXE+vG9wfhl3Hb3G+VWo+1csHSxbFC8xw70MZh0dMjfsQi+qkd808D

EkwwjREY+pDfAtM9g8dXPZO4j0D0fUqjabxn5NL2bDvxqe409LUzb9dkvN2omrbM

I34XzxWvjNab1ui9M/W21am3JpYiuK11Cm7xJHQbauk6/ufam0MuyQ5WDmE+PFdm

uqkZ0IFD27xu+e2idgPlm0rdR/bOmQCyISxaFOYuBb8OSG+6lTfnmoUugSRW1TCP

cqtSv7iECvytYHFURkSZy418I8IL+rbf7bI76thsW6/XGBTKItWfA4YvrSpFd92m

nREb2OdyDS8PR7QyDjuB6uVYv/PfO/4Gjl/116FKZPyw1LAqbf3vnElWvHnklgU5

GoyVYkmsrl/uQfpVLtkrLxjsAUxaspm2sYBMUyF2uCHt3Ylr8No=

=wsxO

—–END PGP SIGNATURE—–