The newly disclosed set set of security flaws in Nvidia’s Triton Inference Server for Windows and Linux is an open source platform for running artificial intelligence (AI) models at scale and could potentially be utilized to take over sensitive servers.
“If these flaws are chained together, remote, unauthorized attackers could gain full control of the server and achieve remote code execution (RCE),” Wiz researchers Ronen Shustin and Nir Ohfeld said in a report released today.
The vulnerabilities are listed below –
CVE-2025-23319 (CVSS score: 8.1) – Python backend vulnerability. The attacker could cause unbound writes by sending a request for CVE-2025-23320 (CVSS score: 7.5). (CVSS score: 5.9) – Python backend vulnerability.
The successful exploitation of the aforementioned vulnerability in the case of CVE-2025-23319 can result in remote code execution, denial of service, and data tampering, as well as information disclosure. The issue is addressed in version 25.07.
Cloud Security Company said it can combine three drawbacks that change the issue from information leaks to information breach without the need for credentials.
Specifically, the problem is rooted in a Python backend designed to handle inference requests for Python models from major AI frameworks such as Pytorch and Tensorflow.
In the attack outlined by Wiz, threat actors can leverage CVE-2025-23320 to leak the full unique name of the internal IPC shared memory area of the backend, and are keys that should remain private, leveraging the remaining two flaws to get full control over the inference server.
“This poses a significant risk to organizations using Triton for AI/ML. A successful attack can lead to theft of valuable AI models, exposure of sensitive data, manipulating AI models’ responses, and scaffolding for attackers to move deeper into the network,” the researchers said.
Nvidia’s August August Breaking News for Triton Inference Server also highlights fixes for three important bugs (CVE-2025-23310, CVE-2025-23311, and CVE-2025-23317).
Although there is no evidence that any of these vulnerabilities are being exploited in the wild, users are advised to apply the latest updates for optimal protection.
Source link
