{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-33238", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2025-04-15T18:51:08.191Z", "datePublished": "2026-03-24T20:25:57.422Z", "dateUpdated": "2026-03-25T14:27:27.955Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-03-24T20:25:57.422Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of Service"}]}], "affected": [{"vendor": "NVIDIA", "product": "Triton Inference Server", "platforms": ["All"], "versions": [{"status": "affected", "version": "All versions prior to 26.01"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service.", "supportingMedia": [{"type": "text/html", "base64": true, "value": "NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service."}]}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33238"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-33238"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5790"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "NVIDIA PSIRT"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T14:21:27.679831Z", "id": "CVE-2025-33238", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:27:27.955Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-33238", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T14:21:27.679831Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:21:33.999Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of Service"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "Triton Inference Server", "versions": [{"status": "affected", "version": "All versions prior to 26.01"}], "platforms": ["All"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33238"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-33238"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5790"}], "x_generator": {"engine": "NVIDIA PSIRT"}, "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service.", "base64": true}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-03-24T20:25:57.422Z"}}}, "cveMetadata": {"cveId": "CVE-2025-33238", "state": "PUBLISHED", "dateUpdated": "2026-03-25T14:27:27.955Z", "dateReserved": "2025-04-15T18:51:08.191Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2026-03-24T20:25:57.422Z", "assignerShortName": "nvidia"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0D7A8AF-02D2-48AF-8F19-07020D3DA704", "versionEndExcluding": "26.01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service."}, {"lang": "es", "value": "El servidor HTTP Sagemaker de NVIDIA Triton Inference Server contiene una vulnerabilidad donde un atacante puede causar una excepci\u00f3n. Un exploit exitoso de esta vulnerabilidad puede llevar a una denegaci\u00f3n de servicio."}], "id": "CVE-2025-33238", "lastModified": "2026-03-31T01:31:44.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2026-03-24T21:16:24.083", "references": [{"source": "psirt@nvidia.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33238"}, {"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5790"}, {"source": "psirt@nvidia.com", "tags": ["Third Party Advisory"], "url": "https://www.cve.org/CVERecord?id=CVE-2025-33238"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "psirt@nvidia.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["all"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.01)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Triton Inference Server", "source": "cna", "vendor": "NVIDIA"}, "product": "triton_inference_server", "vendor": "nvidia"}], "analysis": {"en": {"generated_at": "2026-03-31T05:28:50.234018+00:00", "value": {"mitigation_remediation": ["Apply the latest NVIDIA Triton Inference Server patch or upgrade when it becomes available.", "If a patch is not yet released, restrict or disable the SageMaker HTTP endpoint and monitor network traffic for repeated malformed requests that could trigger the exception.", "Implement firewall or rate\u2011limiting rules to block suspicious traffic patterns that may exploit the vulnerability."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects NVIDIA\u2019s Triton Inference Server, specifically the SageMaker HTTP server component. No specific version information is provided in the public record, so all releases of the product that include this component should be considered potentially affected.", "description_and_impact": "A flaw in NVIDIA Triton Inference Server\u2019s SageMaker HTTP server allows an attacker to trigger an exception, which can cause the server to become unresponsive and ultimately deny service to legitimate users. The weakness is classified as CWE\u2011362, a race\u2011condition condition that leads to a state inconsistency. The resulting impact is a loss of availability for any workloads relying on the affected endpoint.", "risk_and_exploitability": "The CVSS score of 7.5 denotes a high severity level. The EPSS score is reported as less than 1%, indicating a low probability of exploitation at this time, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote, as the error can be triggered by external HTTP requests to the SageMaker endpoint. Successful exploitation would disrupt service but is unlikely to provide an attacker with other privileges or data access."}}}}, "created": "2026-03-25T11:45:59.216375+00:00", "updated": "2026-03-31T20:09:22.999380+00:00", "vendors": ["nvidia", "nvidia$PRODUCT$triton_inference_server"]}