{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-23254", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2025-01-14T01:06:22.262Z", "datePublished": "2025-05-01T14:05:50.487Z", "dateUpdated": "2025-05-01T14:51:47.513Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows", "Linux", "macOS"], "product": "TensorRT-LLM", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All versions prior to 0.18.2"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering.</span>"}], "value": "NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Code execution, information disclosure, data tampering"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2025-05-01T14:05:50.487Z"}, "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5648"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-01T14:51:41.413552Z", "id": "CVE-2025-23254", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-01T14:51:47.513Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-23254", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-01T14:51:41.413552Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-01T14:51:44.043Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Code execution, information disclosure, data tampering"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "TensorRT-LLM", "versions": [{"status": "affected", "version": "All versions prior to 0.18.2"}], "platforms": ["Windows", "Linux", "macOS"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5648"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2025-05-01T14:05:50.487Z"}}}, "cveMetadata": {"cveId": "CVE-2025-23254", "state": "PUBLISHED", "dateUpdated": "2025-05-01T14:51:47.513Z", "dateReserved": "2025-01-14T01:06:22.262Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2025-05-01T14:05:50.487Z", "assignerShortName": "nvidia"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA TensorRT-LLM for any platform contains a vulnerability in python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering."}, {"lang": "es", "value": "NVIDIA TensorRT-LLM para cualquier plataforma contiene una vulnerabilidad en el ejecutor de Python que permite a un atacante causar un problema de validaci\u00f3n de datos mediante el acceso local al servidor TRTLLM. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo, la divulgaci\u00f3n de informaci\u00f3n y la manipulaci\u00f3n de datos."}], "id": "CVE-2025-23254", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2025-05-01T14:15:36.507", "references": [{"source": "psirt@nvidia.com", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5648"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "psirt@nvidia.com", "type": "Secondary"}]}

{}

{}