Particle.news

Download on the App Store

NVIDIA Releases Triton Server Version 25.07 to Patch Critical Python-Backend Flaws

Version 25.07 closes three chainable CVEs that could let unauthenticated attackers seize control of AI inference servers

Image: Sundry Photography/Adobe Stock
Nvidia Triton AI vulnerability
Image
Nvidia AI servers had a big security flaw

Overview

  • Wiz researchers Ronen Shustin and Nir Ohfeld identified three vulnerabilities (CVE-2025-23319, CVE-2025-23320 and CVE-2025-23334) in Triton’s Python backend that can be chained to achieve remote code execution and full server takeover on Windows and Linux
  • On August 4, NVIDIA published a security bulletin and updated Triton Inference Server to version 25.07, fixing those three Python-backend flaws along with three other critical bugs (CVE-2025-23310, CVE-2025-23311 and CVE-2025-23317)
  • There is no evidence that any of the new vulnerabilities have been exploited in the wild since their May disclosure, but users are strongly urged to apply the latest update to protect AI models and data
  • Exploitation could allow attackers to steal proprietary AI models, tamper with inference outputs, exfiltrate sensitive information and use compromised servers as a foothold for further network intrusion
  • The incident highlights mounting security risks in large-scale AI infrastructure and underscores the importance of defense-in-depth strategies and timely patch management