CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23270
https://notcve.org/view.php?id=CVE-2025-23270
17 Jul 2025 — NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5662 • CWE-392: Missing Report of Error Condition •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23267
https://notcve.org/view.php?id=CVE-2025-23267
17 Jul 2025 — NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5659 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2025-23266 – NVIDIA Container Toolkit Environment Variable Handling Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-23266
17 Jul 2025 — NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. This vulnerability allows local attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. An attacker must first obtain the ability to execute low... • https://github.com/jpts/cve-2025-23266-poc • CWE-426: Untrusted Search Path •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23260
https://notcve.org/view.php?id=CVE-2025-23260
24 Jun 2025 — NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5660 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23265
https://notcve.org/view.php?id=CVE-2025-23265
24 Jun 2025 — NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5663 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23264
https://notcve.org/view.php?id=CVE-2025-23264
24 Jun 2025 — NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5663 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23252
https://notcve.org/view.php?id=CVE-2025-23252
18 Jun 2025 — The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure. • https://nvidia.custhelp.com/app/answers/detail/a_id/5651 • CWE-1244: Internal Asset Exposed to Unsafe Debug Access Level or State •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23247
https://notcve.org/view.php?id=CVE-2025-23247
27 May 2025 — NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this vulnerability might lead to arbitrary code execution. • https://nvidia.custhelp.com/app/answers/detail/a_id/5643 • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23246
https://notcve.org/view.php?id=CVE-2025-23246
01 May 2025 — NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to consume uncontrolled resources. A successful exploit of this vulnerability might lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5630 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23254
https://notcve.org/view.php?id=CVE-2025-23254
01 May 2025 — NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5648 • CWE-502: Deserialization of Untrusted Data •