Nvidia Triton Inference Server: Attackers can combine three vulnerabilities
The developers at Nvidia have closed several security vulnerabilities in Triton Inference Server. Several vulnerabilities are considered critical.
(Image: Shutterstock)
Attackers can attack systems with Nvidia Triton Inference Server and, in the worst case, compromise them completely. Linux and Windows PCs are at risk. In the current versions, the developers have closed a total of 17 software vulnerabilities. So far there have been no reports of ongoing attacks. However, admins should not wait too long to secure their systems.
Nvidia's Triton Inference Server provides AI models such as PyTorch and TensorFlow so that users can perform tasks such as image generation or language translation.
The dangers
According to a warning message, three vulnerabilities (CVE-2025-23310, CVE-2025-23311, CVE-2025-23317) are classified as “critical”. Attackers can use prepared HTTP requests to trigger a memory error at these points, among other things. This usually leads to crashes, but malicious code is also often introduced to the computer in such cases.
In an article, security researchers from Wiz warn that attackers can combine three vulnerabilities (CVE-2025-23319 “high”, CVE-2025-23320 “high”, CVE-2025-23334 “medium”). If the attacks work, attackers first access memory areas that are supposed to be sealed off. They then gain access to a key and acquire read and write permissions for a server. In the final step, they then execute malicious code.
Videos by heise
Securing systems
The developers claim to have solved the security problems in the Triton Inference Server 25.05, 25.06 and 25.07 releases.
(des)
