What is the CVSS score of CVE-2025-23292?

CVE-2025-23292 has a CVSS 3.1 base score of 4.6 (Medium). CVSS vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L. EPSS exploitation probability: 0.0%.

Which versions of Nvidia are affected by CVE-2025-23292?

Organizations using NVIDIA Delegated Licensing Service for all appliance platforms should be aware of moderate risk from CVE-2025-23292 rated CVSS 4.6.

How to fix or mitigate CVE-2025-23292?

During next maintenance window: Identify affected systems and apply vendor patches when convenient. Monitor vendor channels for patch availability.

Nvidia CVE-2025-23292

MEDIUM

Improper Neutralization of Special Elements in Data Query Logic (CWE-943)

2025-09-30 psirt@nvidia.com

Denial Of Service SQLi Nosql Injection Nvidia

4.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:15 vuln.today

CVE Published

Sep 30, 2025 - 18:15 nvd

MEDIUM 4.6

DescriptionNVD

NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service (UI component).

AnalysisAI

NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. Rated medium severity (CVSS 4.6). No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-943. NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service (UI component).

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More from same product – last 7 days

CVE-2026-46017 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: mm: fix deferred split queue races during migration

CVE-2025-23292 vulnerability details – vuln.today

Back

Nvidia CVE-2025-23292

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code