Summary: Nvidia has issued patches for two significant vulnerabilities in its Riva AI services that could enable hackers to exploit its functionalities. The issues involve improper access controls, allowing for potential privilege escalation and denial of service attacks. Both vulnerabilities affect earlier versions of Riva (2.18 and prior) and are critical for users to address promptly to avoid unauthorized access.
Affected: Nvidia Riva AI Services
Keypoints :
- Two vulnerabilities tracked as CVE-2025-23242 (high severity) and CVE-2025-23243 (medium severity) identified.
- The vulnerabilities allow data tampering, privilege escalation, and denial of service attacks.
- Instances of Riva were found misconfigured and exposed online due to default cloud installation settings, posing serious security risks.
Source: https://www.securityweek.com/nvidia-riva-vulnerabilities-allow-unauthorized-use-of-ai-services/