Chained bugs in Nvidia's Triton Inference Server lead to full system compromise

Key Insights

1. Nvidia has patched over a dozen vulnerabilities in its Triton Inference Server, including critical vulnerabilities that allow remote code execution (RCE) and full server takeover, according to reports from Wiz Research.
2. The vulnerabilities, identified as CVE-2025-23319 (CVSS score: 8.1), CVE-2025-23320 (CVSS score: 7.5), and CVE-2025-23334 (CVSS score: 5.9), could be exploited to steal AI models and expose sensitive data.
3. Wiz researchers highlighted that a combination of a memory leak and insufficient input validation can lead to complete system compromise without user authentication, posing significant risks to organizations relying on AI infrastructure.
4. The flaws affect both Windows and Linux versions of the Triton Inference Server, which is widely used for deploying AI models across various frameworks like TensorFlow and PyTorch.
5. Nvidia has urged users to update to the patched version 25.07 to mitigate the risks associated with these vulnerabilities, emphasizing the urgent need for organizations to prioritize the update.
6. Security experts have warned that the availability of public exploit code may lower the barrier for attackers, increasing the likelihood of active exploitation.

Threat Overview

Nvidia has released critical patches for its Triton Inference Server, addressing a series of vulnerabilities that could allow remote, unauthenticated attackers to execute code and take over servers running AI models. The vulnerabilities, disclosed by Wiz Research, include CVE-2025-23319, CVE-2025-23320, and CVE-2025-23334, with CVSS scores ranging from 5.9 to 8.1, indicating their severity. These flaws can lead to the theft of AI models, sensitive data exposure, and manipulation of model responses. 'When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server,' stated Wiz researchers Ronen Shustin and Nir Ohfeld. The vulnerabilities stem from issues in the Python backend of the Triton Inference Server, which is designed to run models from various AI frameworks.

The Triton Inference Server is a popular open-source platform, supporting major AI frameworks like TensorFlow and PyTorch through its modular backends. It allows organizations to deploy AI models at scale. The vulnerabilities discovered include a memory leak that can be exploited by sending oversized requests, leading to potential remote code execution. The researchers noted that a combination of these vulnerabilities could transform a simple information leak into a full system compromise without requiring any user credentials.

The timeline of these vulnerabilities began with their discovery by Wiz Research, who promptly reported them to Nvidia. In response, Nvidia released version 25.07 of the Triton Inference Server, which addresses these vulnerabilities. 'This research demonstrates how a series of seemingly minor flaws can be chained together to create a significant exploit,' the researchers noted.

In the wake of the disclosure, industry experts have emphasized the importance of immediate patching. Nvidia has urged all users of the Triton Inference Server to upgrade to the patched version as soon as possible. The security community is also monitoring for active exploitation, especially given the availability of public exploit code, which could facilitate attacks. Organizations are advised to conduct thorough vulnerability assessments and apply the latest patches to safeguard their AI infrastructure.

Tactics, Techniques & Procedures (TTPs)

  • T1190: Exploit Public-Facing Application - Exploiting vulnerabilities in the Triton Inference Server through crafted requests achieves remote code execution [1][2]
  • T1059.006: Server-Side Request Forgery - Utilizing memory leaks and oversized requests to manipulate server responses and gain control [3][4]
  • T1053: Scheduled Task/Job - Persistence through unauthorized access, enabling attackers to maintain control over the server [5]
  • T1003: OS Credential Dumping - Information disclosure leading to sensitive data exposure and potential credential harvesting [2][6]
  • T1543.003: Create or Modify System Process - Attackers may create unauthorized processes to maintain access post-compromise [4][5]
  • T1071.001: Application Layer Protocol: Web Protocols - Exploiting web-based APIs to achieve remote code execution [1][3]
  • T1583.001: Acquire Infrastructure: Domain Names - Potential use of compromised systems for further attacks on network infrastructure [2][5]

Timeline of Events

  • 2025-07-01: Wiz Research discovers vulnerabilities in Nvidia's Triton Inference Server during routine security assessments [1]
  • 2025-07-10: Researchers report vulnerabilities to Nvidia, outlining the potential for remote code execution [2]
  • 2025-07-20: Nvidia acknowledges the vulnerabilities and begins work on patches [1]
  • 2025-08-04: Nvidia releases version 25.07 of the Triton Inference Server, addressing the identified vulnerabilities [3]
  • 2025-08-05: Security community begins monitoring for active exploitation as public exploit code becomes available [4]
  • Ongoing: Organizations urged to apply patches to mitigate risks associated with the vulnerabilities [5]

Source Citations

  • Expert quotes: Nvidia (Article 3), Wiz Research (Article 1), Security experts (Article 4)
  • Primary findings: Exploitation evidence (Articles 2, 4, 5), CVE details and patches (Articles 1, 3), Vulnerable instance count (Article 5)
  • Technical details: Attack methods (Articles 1, 2, 5), Persistence techniques (Articles 3, 5)
Powered by ThreatCluster AI
AI analysis may contain inaccuracies

Related Articles

1. Chained bugs in Nvidia's Triton Inference Server lead to full system compromise
The Register • 2 hours ago

Wiz Research details flaws in Python backend that expose AI models and enable remote code execution. Security researchers have lifted the lid on a chain of high-severity vulnerabilities that could lead to remote code execution (RCE) on Nvidia's Triton Inference Server. Wiz Research said that if the three vulnerabilities they discovered and reported to Nvidia were exploited successfully, the potential consequen

2. Nvidia patches critical Triton server bugs that threaten AI model security
CSO Online • 5 hours ago

A surprising attack chain in Nvidia’s Triton Inference Server, starting with a seemingly minor memory-name leak, could allow full remote server takeover without user authentication. Security researchers from Wiz have discovered a chain of critical vulnerabilities in the popular open-source platform for running AI models at scale. “When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote code execution (RC

3. Chaining NVIDIA’s Triton Server flaws exposes AI systems to remote takeover
Security Affairs • 9 hours ago

New flaws in NVIDIA’s Triton Server let remote attackers take over systems via RCE, posing major risks to AI infrastructure. Newly revealed security flaws in NVIDIA’s Triton Inference Server for Windows and Linux could let remote, unauthenticated attackers fully take over vulnerable servers. According to Wiz Research team, chaining these vulnerabilities enables remote code execution […]

4. Nvidia Patches Critical RCE Vulnerability Chain
Dark Reading • 20 hours ago

The flaws in the company's Triton Inference Server enable model theft, data leaks, and response manipulation.

5. NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers
The Hacker News • 1 day ago

A newly disclosed set of security flaws in NVIDIA's Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) models at scale, could be exploited to take over susceptible servers. "When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote code execution (RCE)," Wiz researchers Ronen Shustin and Nir Ohfeld said in a report published today. The vulnerabilities

6. Nvidia Triton Vulnerabilities Pose Big Risk to AI Models
SecurityWeek • 1 day ago

Nvidia has patched over a dozen vulnerabilities in Triton Inference Server, including another set of vulnerabilities that threaten AI systems.

Cluster Intelligence

Key entities and indicators for this cluster

  • MITRE ATT&CK: T1071.001, T1543.003, T1583.001, T1059.001, T1059.006
  • Attack types: Data Manipulation, Information Disclosure, Denial of Service, Remote Code Execution
  • Platforms: Triton Inference Server, Windows, Linux
  • Industries: Artificial Intelligence, Technology
  • Vulnerabilities: Information Disclosure, Remote Code Execution, Denial of Service
  • CVEs: CVE-2025-23319, CVE-2025-23334, CVE-2025-23320
  • Companies: Wiz
  • Security vendors: Wiz
  • Cluster information: Cluster #1639, created 22 hours ago, Semantic Algorithm
