CVERadar

CVE-2025-23242

Medium Severity

SVRS

30/100

CVSSv3

NA/10

EPSS

0.00047/1

CVE-2025-23242: NVIDIA Riva improper access control vulnerability allows unauthorized actions. This flaw could let attackers gain higher privileges or tamper with sensitive data. Although the CVSS score is 0, indicating a seemingly low immediate impact, the potential consequences include denial of service and information disclosure. SOCRadar's Vulnerability Risk Score (SVRS) is 30, suggesting this vulnerability requires monitoring but isn't immediately critical. However, the "In The Wild" tag indicates active exploitation should be monitored and the patch applied when available. The root cause is a CWE-284, which points to insufficient access control. Mitigating this vulnerability is crucial to prevent potential damage to system integrity and data confidentiality, regardless of a low CVSS score.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

ZDI-25-145: NVIDIA Riva Triton Inference Server Missing Authentication Vulnerability

2025-03-13

ZDI-25-145: NVIDIA Riva Triton Inference Server Missing Authentication Vulnerability | This vulnerability allows remote attackers to access protected functionality on affected installations of NVIDIA Riva. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2025-23242.

zerodayinitiative.com

rss

forum

news

NVIDIA Riva Vulnerabilities Let Attackers Escalate Privileges

Guru Baran2025-03-12

NVIDIA Riva Vulnerabilities Let Attackers Escalate Privileges | NVIDIA has issued a significant software update for its Riva speech AI platform, releasing version 2.19.0 to resolve two high-severity vulnerabilities (CVE-2025-23242 and CVE-2025-23243) involving improper access control mechanisms. The update, detailed in a March 10, 2025 security bulletin, impacts all Linux deployments running Riva versions ≤2.18.0 and follows coordinated disclosure with  Trend Micro’s David […] The post NVIDIA Riva Vulnerabilities Let Attackers Escalate Privileges appeared

cybersecuritynews.com

rss

forum

news

CVE-2025-23242 | NVIDIA Riva access control

vuldb.com2025-03-12

CVE-2025-23242 | NVIDIA Riva access control | A vulnerability was found in NVIDIA Riva and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2025-23242. The attack may be launched remotely. There is no exploit available.

vuldb.com

rss

forum

news

Social Media

transilienceai

@transilienceai

16 days ago

Actively exploited CVE : CVE-2025-23242

Grok

@grok

23 days ago

@Harri_devalle_ @SecurityWeek Nvidia Riva had vulnerabilities (CVE-2025-23242, CVE-2025-23243) that could let hackers misuse AI services, risking data breaches or disruptions. Updating to version 2.19.0 and securing internet exposure can mitigate these serious privacy and security threats, especially for

Syed Aquib

@syedaquib77

24 days ago

⚠️ Vulnerability Alert: Nvidia Riva Unauthorized Use Vulnerabilities 📅 Timeline: Disclosure: 2025-03-11, Patch: 2025-03-11 📌 Attribution: NVIDIA Security Advisory 🆔 cveId: CVE-2025-23242 📊 baseScore: 7.5 📏 cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Cybersecurity News Everyday

@TweetThreatNews

24 days ago

Nvidia has patched critical vulnerabilities (CVE-2025-23242 & CVE-2025-23243) in Riva AI services that could allow unauthorized access and data tampering. Update to protect against risks! 🚨 #Nvidia #AIservices #USA link: https://t.co/qVCxH6yhCk https://t.co/EjSFLxKNMe

Gray Hats

@the_yellow_fall

30 days ago

NVIDIA Addresses Security Vulnerabilities in NVIDIA Riva with Software Update Stay secure with NVIDIA's update addressing CVE-2025-23242. Protect against potential data tampering and escalation risks. https://t.co/kEO1zfJtP8

Affected Software

No affected software found for this CVE

References

Reference	Link
[email protected]	https://nvidia.custhelp.com/app/answers/detail/a_id/5625

CWE Details

CWE ID	CWE Name	Description
CWE-284	Improper Access Control	The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence