Nvidia releases update for 'critical' vulnerabilities in AI stack

Technology company Nvidia released on Saturday a software update to patch vulnerabilities in its Triton server, which clients use for artificial intelligence models.

The vulnerabilities, which cybersecurity company Wiz calls “critical,” could lead to the takeover of AI models, data theft and response manipulation if not patched.

“Wiz Research found a chain of vulnerabilities that, when combined, could let an attacker with no prior access take full control of an AI server,” Wiz head of vulnerability research Nir Ohfeld told Cointelegraph.

“The attack starts with a minor bug that causes the server to leak a small piece of secret internal data,” he said. “An attacker can then use that data to trick one of the server’s legitimate features into giving them control over a private system component. This initial foothold is all they need to escalate their privileges and achieve a complete server takeover.”

Triton is an open-source inference software designed by Nvidia to optimize artificial intelligence models.

While the full scope of customers who use Triton is unknown, some big-name enterprises have been cited as employing it, including Microsoft, Amazon, Oracle, Siemens and American Express. According to a 2021 press release, over 25,000 companies use Nvidia’s AI stack.

An Nvidia spokesperson declined to comment beyond referring to the company’s security bulletin. The disclosed vulnerabilities were assigned the identifiers CVE-2025-23319, CVE-2025-23320 and CVE-2025-23334.

“The single most important step is to update to the patched version of the Nvidia Triton Inference Server (version 25.07 or newer),” Ohfeld told Cointelegraph. “This directly fixes the entire vulnerability chain.”

Ohfeld added that as of now, “we have not seen evidence of these specific vulnerabilities being exploited in the wild. However, Nvidia Triton is a very popular and widely used platform for AI workloads.”

Related: 5 smart contract vulnerabilities: How to identify and mitigate them

Security vulnerabilities hamper emerging technologies

Security vulnerabilities have hampered emerging technologies in 2025, including crypto, where exploits have led to the theft of billions of dollars worth of digital assets.

According to Hacken, a blockchain security auditor, access flaws and smart contract bugs are contributing to the $3.1 billion lost in crypto exploits in the first half of 2025. That amount already exceeds the total lost in 2024.

Meanwhile, according to some experts, AI agents and quantum computing are likely to pose new cyber threats.

Magazine: Inside Pink Drainer — Security analyst defends his crypto scam franchise

• #NVidia
• #Business
• #AI
• #Cybersecurity Add reaction