CVE-2025-23320: 
Triton Inference Server 脆弱性の分析と軽減

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability (CVE-2025-23320) in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request. The vulnerability affects all versions prior to 25.07 and has been assigned a CVSS v3.1 base score of 7.5 (High) (NVIDIA Bulletin).

The vulnerability exists in the Python backend's handling of shared memory limits. When an attacker sends a specially crafted large request, it can trigger an exception that leads to the shared memory limit being exceeded. The vulnerability has been assigned CWE-209 (Generation of Error Message Containing Sensitive Information) and has a CVSS vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating network accessibility with low attack complexity and no required privileges or user interaction (NVD).

A successful exploitation of this vulnerability leads to information disclosure. The vulnerability is particularly concerning as it can expose sensitive information through error messages that contain internal system details (NVIDIA Bulletin, Wiz Blog).

NVIDIA has released version 25.07 of the Triton Inference Server to address this vulnerability. Users are strongly advised to upgrade both the NVIDIA Triton Inference Server and the Python backend to this version. Additionally, organizations should follow the Secure Deployment Considerations Guide and ensure that logging and shared memory APIs are protected for use by authorized users only (NVIDIA Bulletin).

The vulnerability was part of a significant disclosure by the Wiz Research team, which demonstrated how this vulnerability could be chained with others to achieve remote code execution. The discovery has raised concerns in the AI/ML community about the security of inference servers and the potential risks of exposed AI infrastructure (Wiz Blog).