CVERadar

CVE-2025-23243

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00054/1

CVE-2025-23243 is an improper access control vulnerability in NVIDIA Riva. Successful exploitation could result in data tampering or a denial of service. The SVRS is 30, indicating a moderate risk. While not critical, the "In The Wild" tag suggests active exploitation, so monitoring is advised. This vulnerability highlights the importance of proper access controls in NVIDIA Riva to prevent unauthorized actions. Failure to address this issue could compromise data integrity and service availability. The risk is significant because, even though the CVSS is 0, active exploitation increases potential damage.

In The Wild
2025-03-11

2025-03-11
SOCRadar AI Insight

Description

CVE-2025-23243 describes an improper access control vulnerability within NVIDIA Riva. Successful exploitation of this vulnerability could allow an attacker to tamper with data or cause a denial-of-service (DoS) condition. The SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a low to medium level of risk. While the CVSS score is 0, the SVRS considers real-world threat intelligence, including the fact that this vulnerability is marked as being exploited In The Wild, suggesting active exploitation by hackers.

Key Insights

  1. Active Exploitation in the Wild: Despite the low CVSS score, the "In The Wild" tag signifies that this vulnerability is actively being exploited by attackers, increasing the urgency for remediation.
  2. Potential for Data Tampering and Denial of Service: Successful exploitation could lead to significant disruption, as the improper access control issue could allow for unauthorized modification of data or a complete disruption of service for NVIDIA Riva users.
  3. Improper Access Control (CWE-284): The vulnerability stems from inadequate access control mechanisms, meaning attackers can bypass intended restrictions to perform actions they shouldn't be authorized to do.

Mitigation Strategies

  1. Apply Available Patches and Updates: Immediately apply any patches or updates released by NVIDIA for Riva to address CVE-2025-23243. This is the most direct way to remediate the vulnerability.
  2. Review and Strengthen Access Control Policies: Evaluate existing access control configurations within NVIDIA Riva and implement stricter policies to limit unauthorized access and prevent potential data tampering or denial-of-service attacks.
  3. Implement Intrusion Detection and Prevention Systems (IDS/IPS): Deploy or enhance IDS/IPS solutions to detect and block malicious traffic and exploitation attempts targeting CVE-2025-23243, supplementing access control measures.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

News

5th May – Threat Intelligence Report - CPR - Check Point Research
2025-05-05
For the latest discoveries in cyber research for the week of 5th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Three major UK retailers – Co-op, Harrods and Marks & Spencer (M&S) – were hit by cyberattacks that disrupted operations and compromised sensitive data. The attacks are believed linked to the Scattered Spider gang, while DragonForce ransomware gang claimed responsibility for the attacks. The American non-profit healthcare system, Ascension, experienced a data breach following a third-party hacking incident in December 2024. The attack led to
google.com
⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors - The Hacker News
2025-05-05
What if attackers aren't breaking in—they're already inside, watching, and adapting? This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we trust. And old threats are returning under new names. The real danger isn't just the breach—it's not knowing who's still lurking in your systems. If your defenses can't adapt quickly, you're already at
google.com
NVIDIA Riva AI Speech Flaw Let Hackers Gain Unauthorized Access to Abuse GPU Resources & API keys
Mayura Kathir, 2025-05-02
Researchers have uncovered significant security vulnerabilities in NVIDIA Riva, a breakthrough AI speech technology platform used for transcription, voice assistants, and conversational AI. The flaws, now formally recognized as CVE-2025-23242 and CVE-2025-23243, expose enterprise users to potential unauthorized access and resource theft. These vulnerabilities stemmed from exposed API endpoints that operated without proper authentication safeguards, […]
gbhackers.com
ZDI-25-144: NVIDIA Riva gRPC API Missing Authentication for Critical Function Authentication Bypass Vulnerability
2025-05-01
This vulnerability allows remote attackers to bypass authentication on affected installations of NVIDIA Riva. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2025-23243.
zerodayinitiative.com
NVIDIA Riva Vulnerabilities Exposes Enable Authorized Access to Cloud Environments
Tushar Subhra Dutta, 2025-04-29
A critical security flaw in NVIDIA’s Riva framework, an AI-powered speech and translation service, has left cloud environments vulnerable to unauthorized access and exploitation. Trend Micro researchers uncovered two vulnerabilities, CVE-2025-23242 and CVE-2025-23243, stemming from misconfigured deployments that expose Riva’s gRPC and Triton Inference Server endpoints to the public internet. These flaws enable threat actors to bypass […]
cybersecuritynews.com
Nvidia Riva API at risk of DoS attacks and data extraction - Candid.Technology
2025-04-29
Nvidia has released software updates for two high and medium severity bugs for Riva. The vulnerabilities, dubbed CVE-2025-23242 and CVE-2025-23243, are rated 7.3 and 6.5 on the CVSS scale, respectively, and can cause DoS attacks, data leakage, and other system disruptions if exploited. Nvidia Riva is a GPU-accelerated software development kit (SDK) that lets developers build multilingual AI agents that can converse in real-time. The bugs were caught by security researchers at Trend Micro, whose report claims that these “misconfigured
google.com
NVIDIA Riva Vulnerabilities Leave AI-Powered Speech and Translation Services at Risk
Alfredo Oliveira, 2025-04-28
Trend Research uncovered misconfigurations in NVIDIA Riva deployments, with two vulnerabilities, CVE-2025-23242 and CVE-2025-23243, contributing to their exposure. These security flaws could lead to unauthorized access, resource abuse, and potential misuse or theft of AI-powered inference services, including speech recognition and text-to-speech processing.
trendmicro.com

Social Media

BREAKING: Misconfigured NVIDIA Riva deployments expose AI speech + translation services to attack. Critical flaws (CVE-2025-23242, CVE-2025-23243) allow GPU abuse & model theft. Secure your cloud setups now. 🔐 Full story 👉 https://t.co/puRu5SHuN1 #AIsecurity #NVIDIA
🗞️ NVIDIA Riva Vulnerabilities Expose AI-Powered Speech Services to Unauthorized Access Trend Micro uncovered critical NVIDIA Riva vulnerabilities (CVE-2025-23242, CVE-2025-23243), allowing unauthorized access to AI speech services. Patched via responsible disclosure, these https://t.co/OCOLrehNV4
🚨 Heads up! Unprotected NVIDIA Riva deployments in the cloud can expose your org to serious risks. 😬 Trend Micro uncovers vulnerabilities (CVE-2025-23242 & CVE-2025-23243) leading to potential GPU abuse & data theft. Secure your Riva configs now! https://t.co/l9QNxcg9Wq
@Harri_devalle_ @SecurityWeek Nvidia Riva had vulnerabilities (CVE-2025-23242, CVE-2025-23243) that could let hackers misuse AI services, risking data breaches or disruptions. Updating to version 2.19.0 and securing internet exposure can mitigate these serious privacy and security threats, especially for
Nvidia has patched critical vulnerabilities (CVE-2025-23242 & CVE-2025-23243) in Riva AI services that could allow unauthorized access and data tampering. Update to protect against risks! 🚨 #Nvidia #AIservices #USA link: https://t.co/qVCxH6yhCk https://t.co/EjSFLxKNMe
[ZDI-25-144|CVE-2025-23243] NVIDIA Riva gRPC API Missing Authentication for Critical Function Authentication Bypass Vulnerability (CVSS:6.5; Credit: David Fiser and Alfredo Oliveira (Nebula of Trend Micro) https://t.co/wImhAyBYu7
[ZDI-25-145|CVE-2025-23243] NVIDIA Riva Triton Inference Server Missing Authentication Vulnerability (CVSS:7.3; Credit: David Fiser and Alfredo Oliveira (Nebula of Trend Micro) https://t.co/BB8bs0BoWH

Affected Software

No affected software found for this CVE

References

| Reference | Link |
| --- | --- |
| [email protected] | https://nvidia.custhelp.com/app/answers/detail/a_id/5625 |

CWE Details

| CWE ID | CWE Name | Description |
| --- | --- | --- |
| CWE-284 | Improper Access Control | The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
