CVE-2025-23345

Summary

NVIDIA Display Driver for Windows and Linux contains a vulnerability in a video decoder, where an attacker might cause an out-of-bounds read. A successful exploit of this vulnerability might lead to information disclosure or denial of service.

Affected Software

VendorProductVersion RangeStatus
NVIDIAGeForceAll driver versions prior to 581.42affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 581.42affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 573.76affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 539.56affected
NVIDIATeslaAll driver versions prior to 581.42affected
NVIDIATeslaAll driver versions prior to 573.76affected
NVIDIATeslaAll driver versions prior to 539.56affected
NVIDIAGeForceAll driver versions prior to 580.95.05affected
NVIDIAGeForceAll driver versions prior to 570.195.03affected
NVIDIAGeForceAll driver versions prior to 535.274.02affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 580.95.05affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 570.195.03affected
NVIDIANVIDIA RTX, Quadro, NVSAll driver versions prior to 535.274.02affected
NVIDIATeslaAll driver versions prior to 580.95.05affected
NVIDIATeslaAll driver versions prior to 570.195.03affected
NVIDIATeslaAll driver versions prior to 535.274.02affected
NVIDIAGuest driver580.82.07(All versions up to and including the August 2025 release)affected
NVIDIAGuest driver570.172.08(All versions prior to and including vGPU 18.4)affected
NVIDIAGuest driver535.261.03(All versions prior to and including vGPU 16.11)affected
NVIDIAGuest driver581.15(All versions prior to and including vGPU19.1)affected
NVIDIAGuest driver573.48(All versions prior to and including vGPU 18.4)affected
NVIDIAGuest driver539.41(All versions prior to and including vGPU 16.11)affected
NVIDIAGuest driver580.82.07(All versions prior to and including vGPU 19.1)affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References