What is the CVSS score of CVE-2025-23275?

CVE-2025-23275 has a CVSS 3.1 base score of 4.2 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.0%.

Which versions of Cuda Toolkit are affected by CVE-2025-23275?

Organizations using NVIDIA CUDA Toolkit for all platforms should be aware of moderate risk from CVE-2025-23275, a out-of-bounds write vulnerability rated CVSS 4.2.

How to fix or mitigate CVE-2025-23275?

During next maintenance window: Identify affected systems and apply vendor patches when convenient. Monitor vendor channels for patch availability.

Cuda Toolkit CVE-2025-23275

MEDIUM

Out-of-bounds Write (CWE-787)

2025-09-24 psirt@nvidia.com

Buffer Overflow Denial Of Service Information Disclosure Memory Corruption Cuda Toolkit Nvidia Nvjpeg

4.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:13 vuln.today

CVE Published

Sep 24, 2025 - 14:15 nvd

MEDIUM 4.2

DescriptionNVD

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. A successful exploit of this vulnerability may lead to denial of service and information disclosure.

AnalysisAI

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. Rated medium severity (CVSS 4.2). No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. A successful exploit of this vulnerability may lead to denial of service and information disclosure. Affected products include: Nvidia Cuda Toolkit, Nvidia Nvjpeg.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).