CVE-2025-23352 | THREATINT

Description

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

PUBLISHED Reserved 2025-01-14 | Published 2025-10-23 | Updated 2025-10-24 | Assigner nvidia

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-824 Access of Uninitialized Pointer

Product status

Default status

unaffected

580.82.02(All versions up to and including the August 2025 release)

affected

Default status

unaffected

580.82.02(All versions prior to and including vGPU 19.1)

affected

Default status

unaffected

570.172.07(All versions prior to and including vGPU 18.4)

affected

Default status

unaffected

535.261.04(All versions prior to and including vGPU 16.11)

affected

References

nvd.nist.gov/vuln/detail/CVE-2025-23352

www.cve.org/CVERecord?id=CVE-2025-23352

nvidia.custhelp.com/app/answers/detail/a_id/5703

cve.org (CVE-2025-23352)

nvd.nist.gov (CVE-2025-23352)

Download JSON

help @ threatint.eu