NVIDIA Triton Inference Server Remote Code Execution Vulnerability in Python Backend

Vulnerability

A remote code execution vulnerability has been identified in NVIDIA Triton Inference Server for Windows and Linux. This issue arises in the Python backend, where an attacker can manipulate the model name parameter in the model control APIs to execute arbitrary code. Exploitation of this vulnerability could also result in a denial of service, unauthorized information disclosure, and data tampering.

Impact

Successful exploitation allows for remote code execution, with additional risks of causing a denial of service, disclosing sensitive information, and tampering with data.

Remediation

Users are advised to update to version 25.08, available on the Triton Inference Server Releases page on GitHub. Users running Triton in production environments should consult the Secure Deployment Considerations Guide.

Added: Sep 17, 2025, 10:17 PM
Updated: Sep 17, 2025, 10:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.