CVE-2025-23253

Summary

NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

Affected Software

VendorProductVersion RangeStatus
NVIDIANVIDIA AppAll versions up to and including 11.0.2.337 (prod2 hotfix)affected

Weaknesses

  • CWE-547: CWE-547 Use of Hard-coded, Security-relevant Constants

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References