Newly disclosed security vulnerabilities in NVIDIA's Triton Inference Server for Windows and Linux could enable a remote attacker to take complete control of the server. These flaws, when chained, can result in remote code execution. Specifically, the issues reside in the Python backend, affecting how inference requests are handled. Addressed in version 25.07, vulnerabilities include out-of-bounds writes and reads, along with a shared memory attack potential, enabling denial of service and data tampering. Exploitation could lead to severe risks for organizations using Triton.
The vulnerabilities in the NVIDIA Triton Inference Server could allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote code execution.
The issues are rooted in the Python backend that handles inference requests from any major AI frameworks, which may lead to information disclosure and remote code execution.
Collection
[
|
...
]