Particle.news

NVIDIA Releases Urgent Patch for Triton Server Remote Code Execution Flaws

Version 25.07 fixes the chained Python backend flaws, along with three further critical bugs, to safeguard Triton-based AI servers.

Overview

  • Wiz researchers disclosed three high-severity CVEs in Triton’s Python backend on August 4 that can be chained by unauthenticated actors for remote code execution.
  • CVE-2025-23319 (CVSS 8.1), CVE-2025-23320 (CVSS 7.5) and CVE-2025-23334 (CVSS 5.9) cover out-of-bounds write, shared memory abuse and read vulnerabilities.
  • A successful exploit chain could result in full server compromise with data tampering, denial of service and theft of proprietary AI models.
  • NVIDIA’s August bulletin and Triton version 25.07 also address three additional critical bugs (CVE-2025-23310, CVE-2025-23311 and CVE-2025-23317) to strengthen AI deployment security.
  • There are no reports of active exploitation in the wild, and organizations are urged to apply the latest updates immediately to protect their AI infrastructure.