NVIDIA Triton Inference Server

Stack Overflow via Large Payloads in NVIDIA Triton Inference Server
CVE-2025-33202 6.5 - Medium - November 11, 2025

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack overflow by sending extra-large payloads. A successful exploit of this vulnerability might lead to denial of service.

Stack Overflow

NVIDIA Triton Inference Server DALI Backend Improper Input Validation RCE
CVE-2025-23268 8 - High - September 17, 2025

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper input validation issue. A successful exploit of this vulnerability may lead to code execution.

Improper Input Validation

NVIDIA Triton Inference Server DoS via Misconfigured Model
CVE-2025-23336 4.4 - Medium - September 17, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause a denial of service by loading a misconfigured model. A successful exploit of this vulnerability might lead to denial of service.

Improper Input Validation

NVIDIA Triton Inference Server: ShMem Python Bknd Corruption -> DoS
CVE-2025-23329 7.5 - High - September 17, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corruption by identifying and accessing the shared memory region used by the Python backend. A successful exploit of this vulnerability might lead to denial of service.

Authorization

NVIDIA Triton Inference Server OOB Write DoS via Crafted Input
CVE-2025-23328 7.5 - High - September 17, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.

Memory Corruption

Remote Code Execution via Model Name in NVIDIA Triton Inference Server (Python backend)
CVE-2025-23316 9.8 - Critical - September 17, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause a remote code execution by manipulating the model name parameter in the model control APIs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.

Shell injection

NVIDIA Triton Inference Server RCE via HTTP Stack Overflow
CVE-2025-23311 - August 06, 2025

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering.

Stack Overflow

RCE via Stack Buffer Overflow in NVIDIA Triton Inference Server
CVE-2025-23310 - August 06, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering.

Stack Overflow

NVIDIA Triton Underflow Causes DoS via Model Config & Input
CVE-2025-23335 7.5 - High - August 06, 2025

NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific input. A successful exploit of this vulnerability might lead to denial of service.

Integer underflow

NVIDIA Triton Inference Server: Malicious HTTP Reverse Shell
CVE-2025-23317 9.8 - Critical - August 06, 2025

NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.

Heap-based Buffer Overflow

Triton Inference Server OOB Write in Python Backend (RCE)
CVE-2025-23318 9.8 - Critical - August 06, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.

Memory Corruption

NVIDIA Triton Python Backend OOB Write
CVE-2025-23319 9.8 - Critical - August 06, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure.

Memory Corruption

NVIDIA Triton OOB Read via Python Backend
CVE-2025-23333 7.5 - High - August 06, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. A successful exploit of this vulnerability might lead to information disclosure.

Out-of-bounds Read

NVIDIA Triton Inference Server Python Backend OOB Read Info Disclosure
CVE-2025-23334 7.5 - High - August 06, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of this vulnerability might lead to information disclosure.

Out-of-bounds Read

NVIDIA Triton Server Python Backend Shared Memory Overflow Info Disclosure
CVE-2025-23320 - August 06, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request. A successful exploit of this vulnerability might lead to information disclosure.

Generation of Error Message Containing Sensitive Information

CVE-2025-23331: Triton Inference Server DoS via Excessive Memory Allocation
CVE-2025-23331 - August 06, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.

Stack Exhaustion

NVIDIA Triton Inference Server Integer Overflow (DoS & Data Tampering)
CVE-2025-23327 9.1 - Critical - August 06, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. A successful exploit of this vulnerability might lead to denial of service and data tampering.

Integer Overflow or Wraparound

NVIDIA Triton Inference Server Integer Overflow DOS
CVE-2025-23326 - August 06, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.

Integer Overflow to Buffer Overflow

Uncontrolled Recursion in NVIDIA Triton Inference Server causes DoS
CVE-2025-23325 - August 06, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.

Stack Exhaustion

Triton Inference Server Integer Overflow DoS
CVE-2025-23324 - August 06, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.

Integer Overflow or Wraparound

NVIDIA Triton Inference Server DoS via Integer Overflow
CVE-2025-23323 - August 06, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service.

Integer Overflow or Wraparound

NVIDIA Triton Inference Server Double Free DoS via Cancelled Stream
CVE-2025-23322 - August 06, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. A successful exploit of this vulnerability might lead to denial of service.

Double-free

NVIDIA Triton Inference Server DIV0 DoS via Invalid Request
CVE-2025-23321 - August 06, 2025

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid request. A successful exploit of this vulnerability might lead to denial of service.

Divide By Zero

DoS via Integer Overflow in Triton Inference Server Model API
CVE-2024-53880 - February 12, 2025

NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparound error by loading a model with an extra-large file size that overflows an internal variable. A successful exploit of this vulnerability might lead to denial of service.

Integer Overflow or Wraparound

NVIDIA Triton Inference Server OOB Read via Shared Memory Release
CVE-2024-0116 - October 01, 2024

NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit of this vulnerability may lead to denial of service.

Triton Inference Server: Init Resource Flaw Enables Info Disclosure
CVE-2024-0103 - June 13, 2024

NVIDIA Triton Inference Server for Linux contains a vulnerability where a user may cause an incorrect Initialization of resource by network issue. A successful exploit of this vulnerability may lead to information disclosure.

NVIDIA Triton Log Injection Enables Remote Code Exec
CVE-2024-0095 - June 13, 2024

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Triton Server Tracing API Enables System File Corruption (DoS/Data Tampering)
CVE-2024-0100 - May 14, 2024

NVIDIA Triton Inference Server for Linux contains a vulnerability in the tracing API, where a user can corrupt system files. A successful exploit of this vulnerability might lead to denial of service and data tampering.

NVIDIA Triton Inference Server Improper Shared Memory Access via Network API
CVE-2024-0088 - May 14, 2024

NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an improper memory access issue by a network API. A successful exploit of this vulnerability might lead to denial of service and data tampering.

NVIDIA Triton Inference Server Log Path Manipulation Enables RCE
CVE-2024-0087 - May 14, 2024

NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.