CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23270
https://notcve.org/view.php?id=CVE-2025-23270
17 Jul 2025 — NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5662 • CWE-392: Missing Report of Error Condition •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23267
https://notcve.org/view.php?id=CVE-2025-23267
17 Jul 2025 — NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5659 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2025-23266 – NVIDIA Transformers4Rec load_model_trainer_states_from_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-23266
17 Jul 2025 — NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. A flaw was found in the NVIDIA Container Toolkit. This vulnerability allows execution of arbitrary code with elevated permissions via improperly secured container initializatio... • https://github.com/jpts/cve-2025-23266-poc • CWE-426: Untrusted Search Path •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23260
https://notcve.org/view.php?id=CVE-2025-23260
24 Jun 2025 — NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5660 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23265
https://notcve.org/view.php?id=CVE-2025-23265
24 Jun 2025 — NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5663 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23264
https://notcve.org/view.php?id=CVE-2025-23264
24 Jun 2025 — NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5663 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23252
https://notcve.org/view.php?id=CVE-2025-23252
18 Jun 2025 — The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5651 • CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23247
https://notcve.org/view.php?id=CVE-2025-23247
27 May 2025 — NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this vulnerability might lead to arbitrary code execution. • https://nvidia.custhelp.com/app/answers/detail/a_id/5643 • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23246
https://notcve.org/view.php?id=CVE-2025-23246
01 May 2025 — NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to consume uncontrolled resources. A successful exploit of this vulnerability might lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5630 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23254
https://notcve.org/view.php?id=CVE-2025-23254
01 May 2025 — NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5648 • CWE-502: Deserialization of Untrusted Data •