- Security researchers have found three flaws in the NVIDIA Triton Inference Server
- When used together, they can grant remote code execution capabilities
- A fix has been published, so users must update immediately
NVIDIA Triton Inference Server carried three vulnerabilities which, when combined, could lead to remote code execution (RCE) and other risks, security experts from Wiz have warned.
Triton is a free, open source tool that runs on Windows and Linux and helps companies run AI models efficiently on servers, whether in the cloud, on site or at the edge.
It supports many popular AI frameworks and speeds up tasks by managing several models at the same time and grouping similar requests.
Patching the flaw
Wiz found three flaws in the Python backend:
CVE-2025-23319 (an out-of-bounds write bug with a severity score of 8.1/10), CVE-2025-23320 (a shared memory limit exceeding vulnerability with a severity score of 7.5/10) and CVE-2025-23334 (an out-of-bounds vulnerability with a score of 5.9/10).
“When they are chained, these faults can potentially allow a remote and unauthenticated attacker to take complete control of the server, by achieving remote code execution (RCE),” Wiz said in its security notice.
The risk is real, they added, stressing that companies could lose sensitive data:
“This represents a critical risk for organizations using Triton for AI/ML, because a successful attack could lead to the theft of precious AI models, to the exposure of sensitive data, to the manipulation of the AI model's responses, and to attackers finding themselves deeper in a network,” the researchers added.
NVIDIA said that it had addressed the problems in version 25.07, and users are “highly recommended” to update to the latest version as soon as possible.
At press time, there were no reports of anyone abusing these flaws in the wild, but many cybercriminals wait for a vulnerability to be disclosed and then target organizations that are less diligent about patching and stay vulnerable for longer periods.
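A patch-level check for the 25.07 fix mentioned above, as an added example that is not from the article, Wiz or NVIDIA: it classifies container image references by their release tag. It assumes images use the `tritonserver:YY.MM-<variant>` tag style; the sample inventory and the `registry.example.internal` host are constructed.

```python
import re

FIXED_RELEASE = (25, 7)  # from the article: NVIDIA addressed the flaws in 25.07

# Assumption: release tags look like "YY.MM" or "YY.MM-<variant>" (e.g. 25.07-py3).
_TAG_RE = re.compile(r"^(\d{2})\.(\d{2})(?:[-.].*)?$")


def split_image_ref(ref):
    """Split an image reference into (repository, tag); tag is None if absent."""
    ref = ref.split("@", 1)[0]          # drop any @sha256:... digest
    last_slash = ref.rfind("/")
    colon = ref.rfind(":")
    if colon > last_slash:              # a colon before the last slash is a registry port
        return ref[:colon], ref[colon + 1:]
    return ref, None


def classify(ref):
    """Return 'patched', 'needs-update', 'unknown' or 'not-triton' for one image."""
    repo, tag = split_image_ref(ref)
    if repo.rsplit("/", 1)[-1] != "tritonserver":
        return "not-triton"
    match = _TAG_RE.match(tag or "")
    if not match:
        return "unknown"                # 'latest', digest-only pins, custom tags
    release = (int(match.group(1)), int(match.group(2)))
    return "patched" if release >= FIXED_RELEASE else "needs-update"


def audit(refs):
    """Map each image reference to its classification."""
    return {ref: classify(ref) for ref in refs}


# Constructed inventory, e.g. image fields collected from deployment manifests.
SAMPLE_IMAGES = [
    "nvcr.io/nvidia/tritonserver:25.06-py3",
    "nvcr.io/nvidia/tritonserver:25.07-py3",
    "registry.example.internal:5000/mirror/tritonserver:24.12-py3-min",
    "nvcr.io/nvidia/tritonserver:latest",
    "nvcr.io/nvidia/tritonserver@sha256:" + "0" * 64,
    "docker.io/library/nginx:1.27",
]

if __name__ == "__main__":
    for image, status in audit(SAMPLE_IMAGES).items():
        print(f"{status:12} {image}")
```

Images reported as `unknown` carry no release number in the tag, so their version has to be confirmed another way before they are treated as patched.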
Via The Hacker News