CVE-2025-23345

4.4 MEDIUM

📋 TL;DR

This vulnerability in NVIDIA Display Driver's video decoder allows attackers to read memory beyond allocated boundaries. It affects Windows and Linux systems with vulnerable NVIDIA GPU drivers, potentially exposing sensitive data or causing system crashes.

💻 Affected Systems

Products:
  • NVIDIA Display Driver
Versions: Specific versions not detailed in references; check NVIDIA advisory for exact ranges
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with NVIDIA GPUs using vulnerable driver versions; exact GPU models not specified

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Information disclosure of sensitive memory contents or complete denial of service through system crash/reboot

🟠 Likely Case: Application crashes or system instability when processing malicious video content

🟢 If Mitigated: No impact with patched drivers or proper security controls

🌐 Internet-Facing: LOW - Requires local access or ability to deliver malicious video content
🏢 Internal Only: MEDIUM - Could be exploited via malicious video files in internal networks

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to trigger video decoder with malicious content; no public exploit details available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check NVIDIA advisory for specific fixed versions

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5703

Restart Required: No

Instructions:

  1. Visit NVIDIA Driver Downloads page
  2. Select your GPU and OS
  3. Download latest driver
  4. Run installer
  5. Follow on-screen instructions

🔧 Temporary Workarounds

Disable hardware video acceleration (platforms: all)

Prevents use of the vulnerable video decoder by forcing software decoding

🧯 If You Can't Patch

  • Restrict video file processing from untrusted sources
  • Implement application whitelisting to prevent unauthorized video players

🔍 How to Verify

Check if Vulnerable:

Check NVIDIA driver version against advisory; vulnerable if using affected version

Check Version:

nvidia-smi (Linux) or NVIDIA Control Panel > System Information (Windows)

Verify Fix Applied:

Verify driver version matches or exceeds patched version from NVIDIA advisory
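
The version check described above can be scripted for Linux hosts. This is an added example, not NVIDIA's or this page's own tooling; `FIXED_VERSION` is a placeholder you must fill from the NVIDIA advisory, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. FIXED_VERSION is a placeholder: take the fixed version for
# your driver branch from the NVIDIA advisory; this page does not list it.

# version_ge INSTALLED FIXED: succeeds when INSTALLED >= FIXED, comparing
# dot-separated components as numbers (535.104 > 535.9, unlike a string sort).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        # Drop the component just read from each version.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        # Strip leading zeros so "08" is not parsed as octal; empty counts as 0.
        x=${x#"${x%%[!0]*}"} y=${y#"${y%%[!0]*}"}
        x=${x:-0} y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# check_drivers FIXED INSTALLED...: prints one verdict per reported driver
# version and returns 1 if any is below FIXED or cannot be parsed.
check_drivers() {
    fixed=$1; shift
    status=0
    for v in "$@"; do
        case $v in
            ''|*[!0-9.]*) echo "UNKNOWN $v (not a dotted numeric version)"
                          status=1; continue ;;
        esac
        if version_ge "$v" "$fixed"; then
            echo "OK      $v >= $fixed"
        else
            echo "BELOW   $v < $fixed"; status=1
        fi
    done
    return $status
}

# Runs only when a fixed version is supplied and nvidia-smi is installed.
# nvidia-smi prints one driver_version line per GPU.
if [ -n "${FIXED_VERSION:-}" ] && command -v nvidia-smi >/dev/null 2>&1; then
    # shellcheck disable=SC2046  # word splitting is intended here
    check_drivers "$FIXED_VERSION" $(nvidia-smi --query-gpu=driver_version --format=csv,noheader)
fi
```

Run it as `FIXED_VERSION=<version from advisory> sh check_nvidia.sh`; a non-zero exit status means at least one GPU reports a driver below the supplied version.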

📡 Detection & Monitoring

Log Indicators:

  • Application crashes related to video playback
  • System event logs showing display driver failures

Network Indicators:

  • Unusual video file transfers to target systems

SIEM Query:

EventID 1000 or 1001 with nvlddmkm.sys or nvidia driver references
