CVE-2024-53880: 
Triton Inference Server vulnerability analysis and mitigation

NVIDIA Triton Inference Server contains a vulnerability in the model loading API (CVE-2024-53880), discovered in February 2025. The vulnerability affects Triton Inference Server versions 24.11 and earlier on both Windows and Linux platforms. This security issue was reported by security researchers 7resp4ss and Guang Gong from the 360 Vulnerability Research Institute (NVIDIA Bulletin).

The vulnerability is classified as an Integer Overflow or Wraparound (CWE-190) that occurs when loading a model with an extra-large file size, which can overflow an internal variable. The vulnerability has been assigned a CVSS v3.1 base score of 4.9 (Medium) with the vector string AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H, indicating that it requires high privileges but can be exploited over the network with low attack complexity (NVIDIA Bulletin).

A successful exploitation of this vulnerability can lead to denial of service (DoS) of the Triton Inference Server. The impact is limited to availability, with no direct impact on confidentiality or integrity of the system (NVIDIA Bulletin).

NVIDIA has released version 24.12 of the Triton Inference Server to address this vulnerability. Users are advised to upgrade to this latest version. For those using earlier branch releases, NVIDIA recommends upgrading to the latest branch release (NVIDIA Bulletin).