CVE-2025-23309 (GCVE-0-2025-23309)
Vulnerability from cvelistv5
Published
2025-10-10 17:40
Modified
2025-10-22 03:55
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CWE
  • CWE-427 - Uncontrolled Search Path Element
Summary
NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering.
References
Impacted products
Vendor Product Version
NVIDIA GeForce Version: All driver versions prior to 581.42
 Create a notification for this product.
   NVIDIA NVIDIA RTX, Quadro, NVS Version: All driver versions prior to 581.42
 Create a notification for this product.
   NVIDIA NVIDIA RTX, Quadro, NVS Version: All driver versions prior to 573.76
 Create a notification for this product.
   NVIDIA NVIDIA RTX, Quadro, NVS Version: All driver versions prior to 539.56
 Create a notification for this product.
   NVIDIA Tesla Version: All driver versions prior to 581.42
 Create a notification for this product.
   NVIDIA Tesla Version: All driver versions prior to 573.76
 Create a notification for this product.
   NVIDIA Tesla Version: All driver versions prior to 539.56
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23309",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-21T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T03:55:21.356Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580)"
          ],
          "product": "GeForce",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 581.42"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 581.42"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R570)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 573.76"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R535)"
          ],
          "product": "NVIDIA RTX, Quadro, NVS",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 539.56"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R580)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 581.42"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R570)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 573.76"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows(R535)"
          ],
          "product": "Tesla",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All driver versions prior to 539.56"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering."
            }
          ],
          "value": "NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of Service, Escalation of Privileges, Data Tampering"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-10T17:40:42.076Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23309"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-23309"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5703"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2025-23309",
    "datePublished": "2025-10-10T17:40:42.076Z",
    "dateReserved": "2025-01-14T01:06:27.219Z",
    "dateUpdated": "2025-10-22T03:55:21.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-23309\",\"sourceIdentifier\":\"psirt@nvidia.com\",\"published\":\"2025-10-10T18:15:39.360\",\"lastModified\":\"2025-10-14T19:36:59.730\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]}],\"references\":[{\"url\":\"https://nvd.nist.gov/vuln/detail/CVE-2025-23309\",\"source\":\"psirt@nvidia.com\"},{\"url\":\"https://nvidia.custhelp.com/app/answers/detail/a_id/5703\",\"source\":\"psirt@nvidia.com\"},{\"url\":\"https://www.cve.org/CVERecord?id=CVE-2025-23309\",\"source\":\"psirt@nvidia.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-23309\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-10T20:29:54.429141Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-10T20:29:59.877Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Denial of Service, Escalation of Privileges, Data Tampering\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"NVIDIA\", \"product\": \"GeForce\", \"versions\": [{\"status\": \"affected\", \"version\": \"All driver versions prior to 581.42\"}], \"platforms\": [\"Windows(R580)\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"NVIDIA\", \"product\": \"NVIDIA RTX, Quadro, NVS\", \"versions\": [{\"status\": \"affected\", \"version\": \"All driver versions prior to 581.42\"}], \"platforms\": [\"Windows(R580)\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"NVIDIA\", \"product\": \"NVIDIA RTX, Quadro, NVS\", \"versions\": [{\"status\": \"affected\", \"version\": \"All driver versions prior to 573.76\"}], \"platforms\": [\"Windows(R570)\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"NVIDIA\", \"product\": \"NVIDIA RTX, Quadro, NVS\", \"versions\": [{\"status\": \"affected\", \"version\": \"All driver versions prior to 539.56\"}], \"platforms\": [\"Windows(R535)\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"NVIDIA\", \"product\": \"Tesla\", \"versions\": [{\"status\": \"affected\", \"version\": \"All driver versions prior to 581.42\"}], \"platforms\": [\"Windows(R580)\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"NVIDIA\", \"product\": \"Tesla\", \"versions\": [{\"status\": \"affected\", \"version\": \"All driver versions prior to 573.76\"}], \"platforms\": [\"Windows(R570)\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"NVIDIA\", \"product\": \"Tesla\", \"versions\": [{\"status\": \"affected\", \"version\": \"All driver versions prior to 539.56\"}], \"platforms\": [\"Windows(R535)\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2025-23309\"}, {\"url\": \"https://www.cve.org/CVERecord?id=CVE-2025-23309\"}, {\"url\": \"https://nvidia.custhelp.com/app/answers/detail/a_id/5703\"}], \"x_generator\": {\"engine\": \"NVIDIA PSIRT\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"NVIDIA Display Driver contains a vulnerability where an uncontrolled DLL loading path might lead to arbitrary denial of service, escalation of privileges, code execution, and data tampering.\", \"base64\": true}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-427\", \"description\": \"CWE-427 Uncontrolled Search Path Element\"}]}], \"providerMetadata\": {\"orgId\": \"9576f279-3576-44b5-a4af-b9a8644b2de6\", \"shortName\": \"nvidia\", \"dateUpdated\": \"2025-10-10T17:40:42.076Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-23309\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-22T03:55:21.356Z\", \"dateReserved\": \"2025-01-14T01:06:27.219Z\", \"assignerOrgId\": \"9576f279-3576-44b5-a4af-b9a8644b2de6\", \"datePublished\": \"2025-10-10T17:40:42.076Z\", \"assignerShortName\": \"nvidia\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.