CVE-2025-23245

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-23245
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to access global resources. A successful exploit of this vulnerability might lead to denial of service.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5630
Configurations

No configuration.

History

02 May 2025, 13:53

Type Values Removed Values Added
Summary
  • (es) El software NVIDIA vGPU para Windows y Linux contiene una vulnerabilidad en el Administrador de GPU Virtual (complemento vGPU), que permite a un invitado acceder a recursos globales. Una explotación exitosa de esta vulnerabilidad podría provocar una denegación de servicio.

01 May 2025, 15:16

Type Values Removed Values Added
References
  • {'url': 'https://nvidia.custhelp.com/app/answers/detail/a_id/5648', 'source': 'psirt@nvidia.com'}
  • () https://nvidia.custhelp.com/app/answers/detail/a_id/5630 -
Summary (en) NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering. (en) NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to access global resources. A successful exploit of this vulnerability might lead to denial of service.
CWE CWE-502 CWE-732
CVSS v2 : unknown
v3 : 8.8 		v2 : unknown
v3 : 5.5

01 May 2025, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-01 14:15

Updated : 2025-05-02 13:53

NVD link : CVE-2025-23245

Mitre link : CVE-2025-23245

CVE.ORG link : CVE-2025-23245

JSON object : View

Products Affected

No product.

CWE
CWE-732

Incorrect Permission Assignment for Critical Resource