CVE-2025-23275

Published: Sep 24, 2025Modified: Oct 6, 2025

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. A successful exploit of this vulnerability may lead to denial of service and information disclosure.

Affected (2)

Products: Nvidia: Cuda Toolkit, Nvjpeg

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nvidia Cuda Toolkit	Before 13.0.0

Configuration B

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Nvidia Nvjpeg	All versions

Running on/with	Platform Versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions
Nvidia Driveos	All versions
Nvidia Linux For Tegra	All versions

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (3)

https://nvd.nist.gov/vuln/detail/CVE-2025-23275

Source: psirt@nvidia.com

Third Party Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/5661

Source: psirt@nvidia.com

Vendor Advisory

https://www.cve.org/CVERecord?id=CVE-2025-23275

Source: psirt@nvidia.com

Third Party Advisory

Timeline

No history available yet.