CVE-2025-23323 – NVIDIA Triton Inference Server contains an inte... (How to Fix)

Q: What is the severity of CVE-2025-23323?

CVE-2025-23323 has a CVSS score of 7.5 (HIGH). NVIDIA Triton Inference Server contains an integer overflow vulnerability where sending an invalid request can cause a segmentation fault and crash the service. This affects all users running vulnerable versions on Windows or Linux systems. The vulnerability leads to denial of service, disrupting AI inference workloads.

📋 TL;DR

NVIDIA Triton Inference Server contains an integer overflow vulnerability where sending an invalid request can cause a segmentation fault and crash the service. This affects all users running vulnerable versions on Windows or Linux systems. The vulnerability leads to denial of service, disrupting AI inference workloads.

💻 Affected Systems

Products:

NVIDIA Triton Inference Server

Versions: All versions prior to the patched release

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable; no special configuration required for exploitation.

📦 What is this software?

Triton Inference Server by Nvidia

View all CVEs affecting Triton Inference Server →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption causing extended downtime for AI inference services, potentially affecting critical applications that depend on real-time model inference.

🟠

Likely Case

Service crashes requiring manual restart, causing temporary disruption to inference workloads until service is restored.

🟢

If Mitigated

Minimal impact with proper network segmentation and request validation in place, though service could still crash if exploited.

🌐 Internet-Facing: HIGH - Internet-facing Triton servers are directly exposed to potential DoS attacks from unauthenticated attackers.

🏢 Internal Only: MEDIUM - Internal servers are still vulnerable but require network access; risk depends on internal threat landscape and segmentation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending a specially crafted invalid request; no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check NVIDIA advisory for specific patched version

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5687

Restart Required: Yes

Instructions:

1. Review NVIDIA security advisory for patched version
2. Download latest Triton Inference Server from NVIDIA NGC
3. Stop current Triton service
4. Install updated version
5. Restart Triton service
6. Verify service functionality

🔧 Temporary Workarounds

Network Access Control

linux

Restrict access to Triton Inference Server to trusted networks only

# Linux firewall example
sudo iptables -A INPUT -p tcp --dport 8000 -s trusted_network -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 8000 -j DROP

Request Validation Proxy

all

Deploy a reverse proxy with request validation to filter malicious requests

# nginx config snippet
location /v2/models/ {
    proxy_pass http://triton:8000;
    # Add request size limits and validation
    client_max_body_size 10M;
}

🧯 If You Can't Patch

Implement strict network segmentation to isolate Triton servers from untrusted networks
Deploy monitoring and alerting for service crashes with automated restart capabilities

🔍 How to Verify

Check if Vulnerable:

Check Triton version against NVIDIA advisory; if running unpatched version, assume vulnerable

Check Version:

curl -v http://localhost:8000/v2/health/ready 2>&1 | grep -i version

Verify Fix Applied:

Verify Triton version matches patched version from NVIDIA advisory and test with normal inference requests

📡 Detection & Monitoring

Log Indicators:

Segmentation fault errors in Triton logs
Unexpected service termination
High volume of malformed requests

Network Indicators:

Spike in malformed HTTP requests to Triton port
Requests with unusual payload sizes or structures

SIEM Query:

source="triton.logs" AND ("segmentation fault" OR "SIGSEGV" OR "unexpected termination")

📊 Metadata

CVE ID: CVE-2025-23323

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-190

EPSS Score: 0.11% exploit probability (29.8th percentile)

Published: August 6, 2025

Last Updated: August 12, 2025

🔗 References

https://nvd.nist.gov/vuln/detail/CVE-2025-23323 US Government Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5687 Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2025-23323 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-23323, you might also want to check these: