NVIDIA Triton Inference Server HTTP Server Reverse Shell Vulnerability Allowing Remote Code Execution
Vulnerability
A vulnerability has been identified in the HTTP server of NVIDIA Triton Inference Server. This issue allows an attacker to initiate a reverse shell by sending a specially crafted HTTP request. Exploitation of this vulnerability could result in remote code execution, denial of service, data tampering, or unauthorized information disclosure. The vulnerability affects all versions of Triton Inference Server prior to 25.07, on both Windows and Linux platforms.
Impact
Successful exploitation of this vulnerability could lead to remote code execution, allowing an attacker to execute arbitrary commands on the server. Additionally, it could cause a denial of service, disrupt normal service operations, and allow for unauthorized data modification or access to sensitive information.
Remediation
Users are advised to update to version 25.07 or later. The latest release can be downloaded from the Triton Inference Server Releases page on GitHub. For guidance on secure deployment, refer to the NVIDIA Triton Inference Server Secure Deployment Considerations Guide.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.