CVE-2025-23247
CVE-2025-23247 is a medium-severity vulnerability in Nvidia Cuda Toolkit with a CVSS 3.x base score of 4.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-130.
Key facts
- Severity: Medium (CVSS 3.x base score 4.4)
- EPSS exploit prediction: 0% (17th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-16675
- Weakness: CWE-130
- Affected product: Nvidia Cuda Toolkit
- Published:
- Last modified:
Description
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this vulnerability might lead to arbitrary code execution.
Frequently asked questions
- What is CVE-2025-23247?
- NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this vulnerability might lead to arbitrary code execution.
- How severe is CVE-2025-23247?
- CVE-2025-23247 has a CVSS 3.x base score of 4.4, rated medium severity. It is exploitable over local access with low attack complexity, requires no privileges and user interaction. Impact on confidentiality is low, integrity low, and availability none.
- Is CVE-2025-23247 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (17th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2025-23247?
- CVE-2025-23247 affects Nvidia Cuda Toolkit. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2025-23247?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-23247 have an EU (EUVD) identifier?
- Yes. CVE-2025-23247 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-16675.
- When was CVE-2025-23247 published?
- CVE-2025-23247 was published on 2025-05-27 and last updated on 2026-06-17.
References
- https://nvidia.custhelp.com/app/answers/detail/a_id/5643
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2151
Affected products (1)
- cpe:2.3:a:nvidia:cuda_toolkit:*:*:*:*:*:*:*:*
More vulnerabilities in Nvidia Cuda Toolkit
- CVE-2022-21821 — High (CVSS 7.8): NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote…
- CVE-2020-5991 — High (CVSS 7.8): NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an…
- CVE-2025-33230 — High (CVSS 7.3): NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS…
- CVE-2025-33229 — High (CVSS 7.3): NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute…
- CVE-2025-33228 — High (CVSS 7.3): NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command…
- CVE-2025-33231 — Medium (CVSS 6.7): NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an…
All CVEs affecting Nvidia Cuda Toolkit →
Other CWE-130 vulnerabilities
- CVE-2022-2714 — Critical (CVSS 9.8): Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.
- CVE-2026-9054 — Critical (CVSS 9.2): An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel…
- CVE-2022-1543 — High (CVSS 8.8): Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large…
- CVE-2026-3868 — High (CVSS 8.7): An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure…
- CVE-2026-5367 — High (CVSS 8.6): A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host…
- CVE-2022-20870 — High (CVSS 8.6): A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650,…