CVE-2025-23308

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running nvdisasm.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://nvd.nist.gov/vuln/detail/CVE-2025-23308	Third Party Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5661	Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2025-23308	Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2204

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

No history.

Information

Published : 2025-09-24 14:15

Updated : 2025-11-03 19:15

NVD link : CVE-2025-23308

Mitre link : CVE-2025-23308

CVE.ORG link : CVE-2025-23308

JSON object : View

Products Affected

microsoft

windows

linux

linux_kernel

nvidia

cuda_toolkit

CWE

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2025-23308", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-09-24T14:15:47.833", "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23308", "tags": ["Third Party Advisory"], "source": "psirt@nvidia.com"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5661", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-23308", "tags": ["Third Party Advisory"], "source": "psirt@nvidia.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2204", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running nvdisasm."}, {"lang": "es", "value": "NVIDIA CUDA Toolkit para todas las plataformas contiene una vulnerabilidad en nvdisasm donde un atacante puede causar un desbordamiento de b\u00fafer basado en mont\u00edculo al lograr que el usuario ejecute nvdisasm en un archivo ELF malicioso. Un exploit exitoso de esta vulnerabilidad puede conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario al nivel de privilegio del usuario que ejecuta nvdisasm."}], "lastModified": "2025-11-03T19:15:47.953", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "970ED8B6-06F1-46FF-B2A7-F55E719FB1CA", "versionEndExcluding": "13.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}