NVIDIA Triton Inference Server, part of the NVIDIA AI platform and available with NVIDIA AI Enterprise, is open-source software that standardizes AI model deployment and execution across every workload.

Triton Inference Server

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of this vulnerability might lead to information disclosure.

CVE-2025-23334

Linux

Linux Kernel

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request. A successful exploit of this vulnerability might lead to information disclosure.

CVE-2025-23320

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.

CVE-2025-23319

Trend Micro Apex One is an automated threat detection and response solution for endpoint protection. Apex One offers a single agent for physical, virtual, and cloud deployments.

Trend Micro Apex One Agent

Trend Micro Apex One is an automated threat detection and response solution that provides endpoint protection. Apex One offers a single agent for physical, virtual, and cloud deployments.

Trend Micro Apex One Server

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture.

CVE-2025-54987

Windows

Windows Cumulative Update

A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.

CVE-2025-54948

Python is a high-level, general-purpose programming language. Its key feature is the high readability of the code. It supports multiple programming paradigms, including Object-Oriented Programming (OOP) and Functional Programming.

Python

uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with legitimate contents on some package installers, and malicious contents on others due to multiple local file entries. An attacker could  also contrive a "stacked" ZIP input with multiple internal ZIPs, which would be handled differently by different package installers. The attacker could choose which installer to target in both scenarios. This issue is fixed in version 0.8.6. To work around this issue, users may choose to set UV_INSECURE_NO_ZIP_VALIDATION=1 to revert to the previous behavior.

CVE-2025-54368

GitHub Advisory Database

Ruby is a scripting language designed for simplified object-oriented programming.

Ruby

### Overview
The authentication tag of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs.
### Impact
- JWEs can be modified to decrypt to an arbitrary value
- JWEs can be decrypted by observing parsing differences
- The GCM internal [GHASH key](https://en.wikipedia.org/wiki/Galois/Counter_Mode#:~:text=\)%20is%20the-,hash%20key,-%2C%20a%20string%20of) can be recovered
### Am I Affected?
You are affected by this vulnerability even if you do not use an `AES-GCM` encryption algorithm for your JWEs.
### Patches
The version 1.1.1 fixes the issue by adding the tag length check for the `AES-GCM` algorithm.
**Important:** As the [GHASH key](https://en.wikipedia.org/wiki/Galois/Counter_Mode#:~:text=\)%20is%20the-,hash%20key,-%2C%20a%20string%20of) could have leaked, you must rotate the encryption keys after upgrading to version 1.1.1.
### References
[Félix Charette talk at NorthSec 2025 about the issue](https://www.youtube.com/watch?v=9IT659uUXfs&t=15830s)

CVE-2025-54887

RubyGems

Linux openSUSE

Alpine Linux is a Linux distribution based on musl and BusyBox, designed for security, simplicity, and resource efficiency.

Linux Alpine

In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.

CVE-2025-47808

Alpine

Alpine Security Tracker

In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.

CVE-2025-47807

In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-23334	MEDIUM	5.9	Triton Inference Server	cpe:2.3:a:nvidia:triton_inference_server	No	Yes	Aug 06, 2025
CVE-2025-23320	HIGH	7.5	Triton Inference Server	cpe:2.3:a:nvidia:triton_inference_server	No	Yes	Aug 06, 2025
CVE-2025-23319	HIGH	8.1	Triton Inference Server	cpe:2.3:a:nvidia:triton_inference_server	No	Yes	Aug 06, 2025
CVE-2025-54987	CRITICAL	9.4	Trend Micro Apex One Agent	cpe:2.3:a:trendmicro:apex_one	No	Yes	Aug 05, 2025
CVE-2025-54948	CRITICAL	9.4	Trend Micro Apex One Agent	cpe:2.3:a:trendmicro:apex_one	No	Yes	Aug 05, 2025

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-54368	MEDIUM	6.8	Python	uv	No	Yes	Aug 08, 2025
CVE-2025-54887	CRITICAL	9.1	Ruby	jwe	No	Yes	Aug 07, 2025
CVE-2025-47808	MEDIUM	5.6	Linux openSUSE	gstreamer-plugins-base-32bit	No	Yes	Aug 07, 2025
CVE-2025-47807	N/A	N/A	Linux openSUSE	libgstallocators-1_0-0	No	Yes	Aug 07, 2025
CVE-2025-47806	N/A	N/A	Linux openSUSE	gstreamer-plugins-base-devel	No	Yes	Aug 07, 2025

Wiz Vulnerability Database

Explore by technology

Popular filters

High Profile

Most Recent

Vulnerabilities by the numbers

The good, the bad, and the vulnerable

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?