CVE-2025-23292

Summary

NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service (UI component).

Affected Software

VendorProductVersion RangeStatus
NVIDIADLS component of NVIDIA License SystemAll versions prior to v3.5.1 and v3.1.7affected

Weaknesses

  • CWE-943: CWE-943 Improper Neutralization of Special Elements in Data Query Logic

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References