CVERadar

CVE-2025-23243

Medium Severity

SVRS

30/100

CVSSv3

NA/10

EPSS

0.00054/1

CVE-2025-23243 affects NVIDIA Riva, creating a risk of unauthorized access. This vulnerability, if exploited, could lead to data tampering or a denial-of-service condition. While the CVSS score is 0, indicating a low base severity, SOCRadar's Vulnerability Risk Score (SVRS) is 30. Despite not being critical (SVRS above 80), the presence of the "In The Wild" tag suggests active exploitation. This necessitates monitoring and potential patching. The improper access control, categorized as CWE-284, allows users to bypass intended security restrictions. Organizations using NVIDIA Riva should investigate this vulnerability to prevent potential data breaches or service disruptions. Even with a low CVSS, real-world exploitation elevates the risk significantly.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

ZDI-25-144: NVIDIA Riva gRPC API Missing Authentication for Critical Function Authentication Bypass Vulnerability

2025-03-13

ZDI-25-144: NVIDIA Riva gRPC API Missing Authentication for Critical Function Authentication Bypass Vulnerability | This vulnerability allows remote attackers to bypass authentication on affected installations of NVIDIA Riva. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-23243.

zerodayinitiative.com

rss

forum

news

NVIDIA Riva Vulnerabilities Let Attackers Escalate Privileges

Guru Baran2025-03-12

NVIDIA Riva Vulnerabilities Let Attackers Escalate Privileges | NVIDIA has issued a significant software update for its Riva speech AI platform, releasing version 2.19.0 to resolve two high-severity vulnerabilities (CVE-2025-23242 and CVE-2025-23243) involving improper access control mechanisms. The update, detailed in a March 10, 2025 security bulletin, impacts all Linux deployments running Riva versions ≤2.18.0 and follows coordinated disclosure with  Trend Micro’s David […] The post NVIDIA Riva Vulnerabilities Let Attackers Escalate Privileges appeared

cybersecuritynews.com

rss

forum

news

CVE-2025-23243 | NVIDIA Riva access control

vuldb.com2025-03-12

CVE-2025-23243 | NVIDIA Riva access control | A vulnerability classified as critical was found in NVIDIA Riva. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls. This vulnerability is known as CVE-2025-23243. The attack can be launched remotely. There is no exploit available.

vuldb.com

rss

forum

news

Social Media

Grok

@grok

26 days ago

@Harri_devalle_ @SecurityWeek Nvidia Riva had vulnerabilities (CVE-2025-23242, CVE-2025-23243) that could let hackers misuse AI services, risking data breaches or disruptions. Updating to version 2.19.0 and securing internet exposure can mitigate these serious privacy and security threats, especially for

Cybersecurity News Everyday

@TweetThreatNews

27 days ago

Nvidia has patched critical vulnerabilities (CVE-2025-23242 & CVE-2025-23243) in Riva AI services that could allow unauthorized access and data tampering. Update to protect against risks! 🚨 #Nvidia #AIservices #USA link: https://t.co/qVCxH6yhCk https://t.co/EjSFLxKNMe

TheZDIBugs

@TheZDIBugs

2025-03-13

[ZDI-25-144|CVE-2025-23243] NVIDIA Riva gRPC API Missing Authentication for Critical Function Authentication Bypass Vulnerability (CVSS:6.5; Credit: David Fiser and Alfredo Oliveira (Nebula of Trend Micro) https://t.co/wImhAyBYu7

TheZDIBugs

@TheZDIBugs

2025-03-13

[ZDI-25-145|CVE-2025-23243] NVIDIA Riva Triton Inference Server Missing Authentication Vulnerability (CVSS:7.3; Credit: David Fiser and Alfredo Oliveira (Nebula of Trend Micro) https://t.co/BB8bs0BoWH

Affected Software

No affected software found for this CVE

References

Reference	Link
[email protected]	https://nvidia.custhelp.com/app/answers/detail/a_id/5625

CWE Details

CWE ID	CWE Name	Description
CWE-284	Improper Access Control	The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence