CVE-2025-33202: 
Triton Inference Server vulnerability analysis and mitigation

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability identified as CVE-2025-33202, discovered and disclosed on November 11, 2025. The vulnerability affects all versions of the Triton Inference Server prior to version 25.09. This security flaw allows attackers to cause a stack overflow condition by sending extra-large payloads to the server (NVIDIA Bulletin, NVD).

The vulnerability is classified as a Stack-based Buffer Overflow (CWE-121). According to the CVSS v3.1 scoring system, it has received a base score of 7.5 (High severity) with the vector string AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs low privileges, and requires no user interaction (NVIDIA Bulletin).

A successful exploitation of this vulnerability can lead to a denial of service condition in the affected Triton Inference Server installations. The impact is primarily focused on system availability, with no direct impact on confidentiality or integrity of the system (NVIDIA Bulletin).

NVIDIA has released version 25.09 of the Triton Inference Server to address this vulnerability. Users are strongly advised to update to this version. The fix is available through the Triton Inference Server Releases page on GitHub. NVIDIA also recommends reviewing their Secure Deployment Considerations Guide for additional security measures (NVIDIA Bulletin).

The vulnerability was responsibly disclosed by security researcher Parker Cowan, who was acknowledged by NVIDIA in their security bulletin (NVIDIA Bulletin).