CVE-2025-23328: 
Triton Inference Server vulnerability analysis and mitigation

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability (CVE-2025-23328) where an attacker could cause an out-of-bounds write through a specially crafted input. The vulnerability was disclosed on September 16, 2025, affecting all versions of Triton Inference Server prior to version 25.08 (NVIDIA Bulletin).

The vulnerability is classified as an Out-of-bounds Write (CWE-787) with a CVSS v3.1 base score of 7.5 (High). The attack vector is network-accessible (AV:N), requires low attack complexity (AC:L), needs no privileges (PR:N), and requires no user interaction (UI:N). The scope is unchanged (S:U), with no impact on confidentiality (C:N) or integrity (I:N), but high impact on availability (A:H) (NVIDIA Bulletin, NVD).

A successful exploitation of this vulnerability might lead to denial of service in the affected Triton Inference Server installations (NVIDIA Bulletin, Security Online).

NVIDIA has released version 25.08 of the Triton Inference Server to address this vulnerability. Users are strongly advised to update to this latest version. Additionally, NVIDIA recommends following the Secure Deployment Considerations Guide and ensuring that logging and shared memory APIs are protected for use by authorized users only (NVIDIA Bulletin, ASEC).