Security vulnerabilities: Nvidia strengthens AI tools against potential attacks
Updates close vulnerabilities in Nvidia AIStore Framework, NeMo Framework, and Triton Inference Server.
Attackers can exploit several vulnerabilities in Nvidia's AI platform Triton Server and the AI frameworks AIStore and NeMo to attack systems. In the worst case, malicious code can get onto PCs. Security patches are available for download.
Even though there are currently no indications of attacks, administrators should not delay patching for too long.
Closed Vulnerabilities
According to an advisory post, the AIStore Framework can be attacked on all platforms via two vulnerabilities (CVE-2025-33186 "high," CVE-2025-33185 "medium"). The vulnerabilities are in the AuthN component. After a successful attack, attackers can gain higher user privileges and access data that should be protected. The developers state that they have resolved the security issues in version 3.31. All previous versions are vulnerable.
A further advisory lists two vulnerabilities (CVE-2025-23361 "high," CVE-2025-33178 "high") in NeMo Framework. Because of insufficient checks at these points, attackers can provoke errors using specific inputs. This can lead to the execution of malicious code, after which systems are generally considered completely compromised.
All platforms on which NeMo Framework runs are affected. According to the developers, the two vulnerabilities have been fixed in version 2.5.0.
According to the developers, Nvidia Triton Inference Server is affected by a vulnerability (CVE-2025-33202 "medium") under Linux and Windows. A successful attack triggers a DoS state, which will most likely result in crashes. Version 25.09 is said to be protected against this.
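As an added example (not from the article or from Nvidia), this Python sketch triages a host inventory against the fixed versions named above. The inventory format, host names and product keys are constructed, and it assumes every release before the fixed one is affected, which the article states explicitly only for AIStore.

```python
import re

# Fixed releases and CVE ids as stated in the article; the keys are our own labels.
FIXED = {
    "aistore": ("3.31", ["CVE-2025-33186", "CVE-2025-33185"]),
    "nemo": ("2.5.0", ["CVE-2025-23361", "CVE-2025-33178"]),
    "triton": ("25.09", ["CVE-2025-33202"]),
}
# Constructed sample inventory: (host, product, reported version).
SAMPLE = [
    ("store-01", "aistore", "v3.30"), ("store-02", "aistore", "3.31"),
    ("train-01", "nemo", "2.5.0rc1"), ("train-02", "nemo", "2.5.0"),
    ("infer-01", "triton", "25.08"), ("infer-02", "triton", "25.9"),
    ("infer-03", "triton", "latest"),
]

def parse_version(text):
    """Return (numeric release tuple, is_prerelease); ValueError if unparseable."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)(.*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))  # "25.09" -> (25, 9)
    pre = bool(re.match(r"[-._]?(a|b|rc|dev|alpha|beta)", m.group(2), re.I))
    return nums, pre

def is_patched(installed, fixed):
    got, pre = parse_version(installed)
    want, _ = parse_version(fixed)
    width = max(len(got), len(want))
    got += (0,) * (width - len(got))    # pad so 3.31 compares equal to 3.31.0
    want += (0,) * (width - len(want))
    # Assumption: a pre-release of the fixed version is treated as unpatched.
    return got > want or (got == want and not pre)

def triage(inventory):
    """Return (host, product, version, action, cves) for every entry needing work."""
    findings = []
    for host, product, version in inventory:
        if product.lower() not in FIXED:
            continue  # product not covered by this article
        fixed, cves = FIXED[product.lower()]
        try:
            action = None if is_patched(version, fixed) else f"update to {fixed} or later"
        except ValueError:
            action = "version unknown, check manually"  # e.g. a floating "latest" tag
        if action:
            findings.append((host, product, version, action, cves))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```

Entries whose version cannot be parsed are reported rather than skipped, so a floating tag such as `latest` never passes as patched.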
In September of this year, Nvidia released security updates for the DGX and HGX AI platforms.
(des)