CVE-2025-23280: 
NVIDIA Graphics Driver vulnerability analysis and mitigation

NVIDIA Display Driver for Linux contains a vulnerability identified as CVE-2025-23280, discovered and disclosed on October 9, 2025. The vulnerability is a use-after-free issue affecting NVIDIA GPU Display Drivers across multiple product lines including GeForce, NVIDIA RTX, Quadro, NVS, and Tesla series running on Linux operating systems (NVIDIA Bulletin).

The vulnerability has been assigned a CVSS v3.1 base score of 7.0 (High) with the vector string AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, has high attack complexity, needs low privileges, and requires no user interaction. The vulnerability is classified as CWE-416 (Use After Free) and affects various driver branches including R580, R570, and R535 (NVIDIA Bulletin).

A successful exploitation of this vulnerability could lead to multiple severe consequences including code execution, escalation of privileges, data tampering, denial of service, and information disclosure. The vulnerability affects all driver versions prior to 580.95.05 for R580, 570.195.03 for R570, and 535.274.02 for R535 branches (NVIDIA Bulletin).

NVIDIA has released software security updates to address this vulnerability. Users are advised to update their drivers to version 580.95.05 for R580 branch, 570.195.03 for R570 branch, or 535.274.02 for R535 branch depending on their current installation. These updates are available through the NVIDIA Driver Downloads page (NVIDIA Bulletin).