CVE-2025-23255: 
CUDA Toolkit vulnerability analysis and mitigation

NVIDIA CUDA Toolkit contains a vulnerability (CVE-2025-23255) in the cuobjdump binary that was disclosed on September 24, 2025. The vulnerability affects all platforms running CUDA Toolkit versions prior to CUDA Toolkit 13.0. This security issue involves an out-of-bounds read vulnerability that can be triggered by passing a malformed ELF file to cuobjdump (NVIDIA Bulletin).

The vulnerability is classified as CWE-125 (Out-of-bounds Read) with a CVSS v3.1 base score of 3.3 (Low). The vulnerability has the following CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L, indicating local attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and low impact on availability (NVIDIA Bulletin, NVD).

A successful exploitation of this vulnerability may lead to a partial denial of service. The vulnerability affects system availability but does not impact confidentiality or integrity (NVIDIA Bulletin).

NVIDIA has released CUDA Toolkit 13.0 which addresses this vulnerability. Users are recommended to upgrade to this version to protect their systems. The fix is available through the CUDA Toolkit Downloads page (NVIDIA Bulletin).

The vulnerability has been acknowledged by major Linux distributions including Ubuntu, which has classified it as a medium priority security issue and is currently evaluating the vulnerability for various Ubuntu releases (Ubuntu Security).