CVE-2025-23352

Summary

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Affected Software

VendorProductVersion RangeStatus
NVIDIAVirtual GPU Manager580.82.02(All versions up to and including the August 2025 release)affected
NVIDIAVirtual GPU Manager580.82.02(All versions prior to and including vGPU 19.1)affected
NVIDIAVirtual GPU Manager570.172.07(All versions prior to and including vGPU 18.4)affected
NVIDIAVirtual GPU Manager535.261.04(All versions prior to and including vGPU 16.11)affected

Weaknesses

  • CWE-824: CWE-824 Access of Uninitialized Pointer

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References