NVIDIA has issued a security bulletin addressing multiple vulnerabilities across the NVIDIA App for Windows and the Delegated License Service (DLS) component of the NVIDIA License System. The flaws range from privilege escalation to denial of service and information disclosure, underscoring the risks to both end-users and enterprise deployments.
CVE-2025-23297: Privilege Escalation in NVIDIA App
The most notable issue affects the NVIDIA App installer on Windows platforms. According to the bulletin, “NVIDIA Installer for NvAPP for Windows contains a vulnerability in the FrameviewSDK installation process, where an attacker with local unprivileged access could modify files in the Frameview SDK directory. A successful exploit of this vulnerability might lead to escalation of privileges.”
This vulnerability is rated 7.8 and affects all versions prior to 11.0.5.245. Users should update to NVIDIA App version 11.0.5.245 to mitigate the risk.
CVE-2025-23293: Unauthenticated Access in NVIDIA DLS
A far more severe flaw lies in the NVIDIA Delegated License Service (DLS). The bulletin warns: “NVIDIA DLS for all appliance platforms contains a vulnerability where an unauthenticated user can access sensitive information, which could cause commands to be run on the system. A successful exploit of this vulnerability might lead to denial of service.”
With a CVSS base score of 8.7, this vulnerability represents a serious risk in enterprise environments where NVIDIA’s license system is deployed for managing GPU resources.
CVE-2025-23292: SQL Injection in DLS
Another issue, CVE-2025-23292, involves a SQL injection vulnerability in the DLS. NVIDIA explains that “an attacker could cause an unauthorized action. A successful exploit of this vulnerability might lead to partial denial of service.”
This flaw carries a CVSS score of 4.6, making it a moderate risk, but still significant in high-value enterprise contexts.
CVE-2025-23291: Information Disclosure
The third DLS-related flaw, CVE-2025-23291, is an information disclosure vulnerability. As stated in the advisory: “NVIDIA DLS for all appliance platforms contains a vulnerability where an attacker could cause an unauthorized action. A successful exploit of this vulnerability might lead to information disclosure.”
With a CVSS score of 2.4, this issue is less critical, but still requires patching as part of defense-in-depth.
Fixed Versions and Upgrade Guidance
NVIDIA has released patched versions addressing all the above vulnerabilities:
- NVIDIA App (Windows 10/11): Upgrade to v11.0.5.245 or later.
- NVIDIA DLS (all appliance platforms): Upgrade to v3.5.1 or v3.1.7, depending on the deployment.
Administrators are advised to follow the migration guidance in the NVIDIA License System User Guide to streamline the upgrade process.
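To turn the fixed versions above into a patch-status check over an asset inventory, the following added example (not from NVIDIA or the original article) flags hosts that are still below the fixed releases. The product labels, host names and inventory rows are constructed, and the mapping of DLS 3.1.x appliances to v3.1.7 and all other DLS lines to v3.5.1 is an assumption about what "depending on the deployment" means.

```python
# Added example: fixed versions are from the article; hosts and versions below are constructed.
FIXED_APP = (11, 0, 5, 245)              # NVIDIA App fixed release
FIXED_DLS_BY_LINE = {(3, 1): (3, 1, 7)}  # assumption: 3.1.7 is the fix for 3.1.x appliances
FIXED_DLS_DEFAULT = (3, 5, 1)            # assumption: every other DLS line must reach 3.5.1

def parse_version(text):
    """Parse 'v11.0.5.245' or '3.1.7' into a tuple of ints; raise ValueError otherwise."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_patched(product, version_text):
    """True if the version is at or above the fixed release for its product."""
    v = parse_version(version_text)
    if product == "nvidia-app":
        fixed = FIXED_APP
    elif product == "nvidia-dls":
        fixed = FIXED_DLS_BY_LINE.get(v[:2], FIXED_DLS_DEFAULT)
    else:
        raise ValueError(f"unknown product: {product!r}")
    width = max(len(v), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))  # compare 3.5 as 3.5.0
    return pad(v) >= pad(fixed)

def triage(inventory):
    """Return (host, product, version, status) rows that still need attention."""
    findings = []
    for host, product, version in inventory:
        try:
            if not is_patched(product, version):
                findings.append((host, product, version, "upgrade"))
        except ValueError:
            # Unknown product or unreadable version: needs a manual look.
            findings.append((host, product, version, "review"))
    return findings

INVENTORY = [  # constructed sample rows
    ("ws-014", "nvidia-app", "11.0.4.526"),
    ("ws-022", "nvidia-app", "11.0.5.245"),
    ("lic-a", "nvidia-dls", "3.1.6"),
    ("lic-b", "nvidia-dls", "3.4.0"),
    ("lic-c", "nvidia-dls", "v3.5.1"),
    ("lic-d", "nvidia-dls", "unknown"),
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(*row, sep="\t")
```

Rows with an unreadable version are reported as "review" rather than silently treated as patched.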