CVE-2025-23275

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-23275
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. A successful exploit of this vulnerability may lead to denial of service and information disclosure.

4.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://nvd.nist.gov/vuln/detail/CVE-2025-23275 Third Party Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5661 Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2025-23275 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:nvidia:nvjpeg:-:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:nvidia:driveos:-:*:*:*:*:*:*:*
cpe:2.3:o:nvidia:linux_for_tegra:-:*:*:*:*:*:*:*
History

06 Oct 2025, 14:51

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:nvidia:linux_for_tegra:-:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:nvjpeg:-:*:*:*:*:*:*:*
cpe:2.3:o:nvidia:driveos:-:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
References () https://nvd.nist.gov/vuln/detail/CVE-2025-23275 - () https://nvd.nist.gov/vuln/detail/CVE-2025-23275 - Third Party Advisory
References () https://nvidia.custhelp.com/app/answers/detail/a_id/5661 - () https://nvidia.custhelp.com/app/answers/detail/a_id/5661 - Vendor Advisory
References () https://www.cve.org/CVERecord?id=CVE-2025-23275 - () https://www.cve.org/CVERecord?id=CVE-2025-23275 - Third Party Advisory
First Time Nvidia nvjpeg
Microsoft windows
Linux
Linux linux Kernel
Nvidia
Nvidia cuda Toolkit
Nvidia linux For Tegra
Microsoft
Nvidia driveos

24 Sep 2025, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-09-24 14:15

Updated : 2025-10-06 14:51

NVD link : CVE-2025-23275

Mitre link : CVE-2025-23275

CVE.ORG link : CVE-2025-23275

JSON object : View

Products Affected

nvidia

  • linux_for_tegra
  • nvjpeg
  • driveos
  • cuda_toolkit

microsoft

  • windows

linux

  • linux_kernel
CWE
CWE-787

Out-of-bounds Write