CVE-2025-23260

Published: Jun 24, 2025Modified: Dec 15, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure.

Affected (1)

Products: Nvidia: Aistore

Nvidia

1 product

Aistore

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nvidia Aistore	Before 2.3.0

Related CWEs

CWE-266

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (1)

https://nvidia.custhelp.com/app/answers/detail/a_id/5660

Source: psirt@nvidia.com

Vendor Advisory

Timeline

No history available yet.