CVE-2025-23323: 
Triton Inference Server vulnerability analysis and mitigation

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability identified as CVE-2025-23323, discovered and disclosed in August 2025. The vulnerability affects all versions of the Triton Inference Server prior to version 25.05. This security issue involves an integer overflow or wraparound condition that can be triggered when a user provides an invalid request (NVIDIA Advisory, NVD).

The vulnerability is classified as CWE-190 (Integer Overflow or Wraparound) with a CVSS v3.1 base score of 7.5 (High severity). The attack vector is characterized as network-accessible (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N). The scope is unchanged (S:U), with no impact on confidentiality (C:N) or integrity (I:N), but high impact on availability (A:H) (NVIDIA Advisory).

A successful exploitation of this vulnerability leads to denial of service through a segmentation fault. The vulnerability specifically affects the server's ability to handle invalid requests, potentially causing service disruption in production environments (NVIDIA Advisory).

NVIDIA has released version 25.05 of the Triton Inference Server to address this vulnerability. Users are strongly advised to update to this version or later. Additionally, NVIDIA recommends that users deploying the Triton Inference Server in production settings should follow the Secure Deployment Considerations Guide and ensure that logging and shared memory APIs are protected for use by authorized users only (NVIDIA Advisory).