Hi All
Another AI organisation effected by vulnerabilities:
Cloud security giant Wiz has disclosed another set of vulnerabilities that can pose a significant risk to AI systems that rely on Nvidia products, in this case the company’s Triton Inference Server.
Nvidia announced in an advisory published on Monday that more than a dozen vulnerabilities have been patched in Triton Inference Server, an open source software that enables users to deploy any AI model from various deep learning and machine learning frameworks.
Researchers at Wiz have discovered three vulnerabilities (CVE-2025-23319, CVE-2025-23320 and CVE-2025-23334) that can be chained by a remote, unauthenticated attacker to execute arbitrary code and take complete control of a server.
CVE-2025-23319 and CVE-2025-23320 are high-severity issues affecting the Python backend of Triton Inference Server for Windows and Linux. The former can be exploited for remote code execution, DoS attacks, data tampering, or information disclosure, while the latter can lead to information disclosure.
CVE-2025-23334 has been assigned a ‘medium severity’ rating. It also impacts the Python backend and it can lead to information disclosure.
According to Wiz, the exploit chain starts with a minor information leak and escalates to a full system compromise.
“This poses a critical risk to organizations using Triton for AI/ML, as a successful attack could lead to the theft of valuable AI models, exposure of sensitive data, manipulating the AI model’s responses and a foothold for attackers to move deeper into a network,” Wiz explained.
https://www.securityweek.com/nvidia-triton-vulnerabilities-pose-big-risk-to-ai-models/
Regards
Caute_Cautim
