CVE-2025-23322: 
Triton Inference Server vulnerability analysis and mitigation

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability identified as CVE-2025-23322, discovered and disclosed in August 2025. The vulnerability affects all versions of the Triton Inference Server prior to version 25.06. This security issue involves a double free condition that can occur when multiple requests are processed and a stream is cancelled before it is processed (NVIDIA Advisory, NVD).

The vulnerability is classified as CWE-415 (Double Free) and has been assigned a CVSS v3.1 Base Score of 7.5 (High) with the vector string AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The technical nature of the vulnerability involves a race condition where multiple requests can trigger a double free memory corruption when a stream is cancelled before it completes processing (NVIDIA Advisory).

A successful exploitation of this vulnerability can lead to denial of service (DoS) conditions in the affected systems. The high CVSS score of 7.5 indicates significant potential impact on system availability, though there are no direct impacts on confidentiality or integrity (NVIDIA Advisory).

NVIDIA has released version 25.06 of the Triton Inference Server to address this vulnerability. Users are strongly advised to update to this version or later. For production deployments, NVIDIA recommends following the Secure Deployment Considerations Guide and ensuring that logging and shared memory APIs are properly protected for authorized users only (NVIDIA Advisory).