Image: Nvidia
NVIDIA has released a software update for NVIDIA Riva to address potential security vulnerabilities. The security update addresses vulnerabilities that could potentially lead to escalation of privileges, data tampering, denial of service, or information disclosure.
NVIDIA Riva is described as a set of GPU-accelerated multilingual speech and translation microservices for building fully customizable, real-time conversational AI pipelines. It includes automatic speech recognition (ASR), text-to-speech (TTS), and neural machine translation (NMT) and can be deployed across various environments, including clouds, data centers, the edge, and embedded devices. Riva enables organizations to integrate speech and translation capabilities with large language models (LLMs) and retrieval-augmented generation (RAG) to enhance chatbots into multilingual assistants and avatars.
The security update focuses on resolving improper access control issues. The vulnerabilities and their potential impacts are detailed below:
-
CVE-2025-23242: NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, or information disclosure. This vulnerability has a base score of 7.3 and is rated as High severity.
-
CVE-2025-23243: NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to data tampering or denial of service. This vulnerability has a base score of 6.5 and is rated as High severity.
The affected product, affected versions, and the updated version are as follows:
| CVE IDs Addressed | Affected Products | Platform or OS | Affected Versions | Updated Version |
|---|---|---|---|---|
| CVE-2025-23242 CVE-2025-23243 |
NVIDIA Riva | Linux | All versions up to and including 2.18.0 | 2.19.0 |
NVIDIA has also issued a note indicating that earlier software releases of NVIDIA Riva are affected and advises users using earlier releases to upgrade to the latest release version.
NVIDIA acknowledges David Fiser and Alfredo Oliveira of Nebula of Trend Micro for reporting these issues.
