NVIDIA has released a software update addressing multiple high- and critical-severity vulnerabilities in its Triton Inference Server, a widely used platform for deploying AI models in production. The flaws affect both Windows and Linux versions and could enable attackers to execute arbitrary code, cause denial of service, or corrupt memory if left unpatched.
The most severe issue, CVE-2025-23316 (CVSS 9.8 – Critical), resides in the Python backend of Triton. An attacker could manipulate the model name parameter in the model control APIs to achieve remote code execution.
As the bulletin warns, “A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.”
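For defenders reviewing exposure to the model control APIs mentioned above, the following is an added example, not code from NVIDIA's bulletin. It scans HTTP access logs for Triton model load/unload requests and reports any whose model name is not on an allow-list. The log format (a reverse proxy in front of Triton writing common-log-style lines), the sample lines and the allow-list are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Assumption: the models this deployment is expected to load or unload.
ALLOWED_MODELS = {"resnet50", "bert-base"}

# Triton's HTTP model repository extension carries the model name in the path:
#   POST /v2/repository/models/<name>/load   (and .../unload)
CONTROL_RE = re.compile(
    r'"POST /v2/repository/models/(?P<name>[^ ?"]*)/(?P<action>load|unload)[ ?]'
)

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Sep/2025:10:01:02 +0000] "POST /v2/repository/models/resnet50/load HTTP/1.1" 200 0',
    '10.0.0.5 - - [12/Sep/2025:10:01:09 +0000] "POST /v2/models/resnet50/infer HTTP/1.1" 200 512',
    '10.0.0.7 - - [12/Sep/2025:10:02:30 +0000] "POST /v2/repository/models/bert%2Dbase/unload HTTP/1.1" 200 0',
    '203.0.113.9 - - [12/Sep/2025:10:03:44 +0000] "POST /v2/repository/models/scratch_test/load HTTP/1.1" 400 87',
]


def find_unexpected_control_calls(lines, allowed=ALLOWED_MODELS):
    """Return (client, action, model_name) for control calls outside the allow-list."""
    findings = []
    for line in lines:
        match = CONTROL_RE.search(line)
        if not match:
            continue  # inference and metadata requests are out of scope here
        # Decode percent-encoding before comparing, so the check sees the
        # same name the server would receive.
        name = unquote(match.group("name"))
        if name not in allowed:
            client = line.split()[0]
            findings.append((client, match.group("action"), name))
    return findings


if __name__ == "__main__":
    for client, action, name in find_unexpected_control_calls(SAMPLE_LOG):
        print(f"unexpected model {action} from {client}: {name!r}")
```

Passing an empty allow-list reports every load/unload request, which suits deployments where model control is not expected to be used at all.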
In addition to CVE-2025-23316, NVIDIA disclosed several other significant vulnerabilities:
- CVE-2025-23268 (CVSS 8.0 – High): An improper input validation bug in the DALI backend, potentially leading to code execution.
- CVE-2025-23328 (CVSS 7.5 – High): An out-of-bounds write issue caused by specially crafted input, resulting in denial of service.
- CVE-2025-23329 (CVSS 7.5 – High): Memory corruption in the Python backend’s shared memory region, allowing denial of service attacks.
- CVE-2025-23336 (CVSS 4.4 – Medium): A denial-of-service condition triggered by loading a misconfigured model.
The vulnerabilities impact all Triton Inference Server versions prior to 25.08. NVIDIA has released patched builds:
- 25.08 for the main Triton Inference Server (addressing CVE-2025-23316, CVE-2025-23328, CVE-2025-23329).
- 25.07 for the DALI backend (addressing CVE-2025-23268 and CVE-2025-23336).
NVIDIA urges customers to update immediately:
- Install the patched releases from the Triton Inference Server GitHub page.
- Follow the Secure Deployment Considerations Guide for best practices.