CVE-2025-23275 MEDIUM

CVE-2025-23275

Vendor Nvidia

Product NVIDIA CUDA Toolkit

Weakness CWE-787

Published September 24, 2025

Last update September 24, 2025

View on NVD All CVEs

CVSS base score

4.2/10

Attack vector Local

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. A successful exploit of this vulnerability may lead to denial of service and information disclosure.

Key dates

02Disclosure timeline

September 24, 2025 CVE published

September 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-23275

Related vulnerabilities

Identifiers

CVE CVE-2025-23275

CWE CWE-787

CVSS 4.2 / MEDIUM

Affected versions

Vendor Nvidia

Product NVIDIA CUDA Toolkit

Affected All versions prior to CUDA Toolkit 13.0

Vendor Nvidia

Product nvJPEG

Affected All versions prior to nvJPEG 13.0.0

CVE-2025-23275

01Description

02Disclosure timeline

03References

04Related CVE