{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-33254", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2025-04-15T18:51:08.848Z", "datePublished": "2026-03-24T20:26:12.161Z", "dateUpdated": "2026-03-25T14:27:22.512Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-03-24T20:26:12.161Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of Service"}]}], "affected": [{"vendor": "NVIDIA", "product": "Triton Inference Server", "platforms": ["All"], "versions": [{"status": "affected", "version": "All versions prior to 26.01"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A successful exploit of this vulnerability may lead to a denial of service.", "supportingMedia": [{"type": "text/html", "base64": true, "value": "NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A successful exploit of this vulnerability may lead to a denial of service."}]}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33254"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-33254"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5790"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "NVIDIA PSIRT"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T14:21:52.782549Z", "id": "CVE-2025-33254", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:27:22.512Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-33254", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T14:21:52.782549Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:22:39.743Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of Service"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "Triton Inference Server", "versions": [{"status": "affected", "version": "All versions prior to 26.01"}], "platforms": ["All"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33254"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-33254"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5790"}], "x_generator": {"engine": "NVIDIA PSIRT"}, "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A successful exploit of this vulnerability may lead to a denial of service.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A successful exploit of this vulnerability may lead to a denial of service.", "base64": true}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-03-24T20:26:12.161Z"}}}, "cveMetadata": {"cveId": "CVE-2025-33254", "state": "PUBLISHED", "dateUpdated": "2026-03-25T14:27:22.512Z", "dateReserved": "2025-04-15T18:51:08.848Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2026-03-24T20:26:12.161Z", "assignerShortName": "nvidia"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0D7A8AF-02D2-48AF-8F19-07020D3DA704", "versionEndExcluding": "26.01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A successful exploit of this vulnerability may lead to a denial of service."}, {"lang": "es", "value": "NVIDIA Triton Inference Server contiene una vulnerabilidad donde un atacante puede causar corrupci\u00f3n del estado interno. Un exploit exitoso de esta vulnerabilidad puede llevar a una denegaci\u00f3n de servicio."}], "id": "CVE-2025-33254", "lastModified": "2026-03-31T01:31:20.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2026-03-24T21:16:24.917", "references": [{"source": "psirt@nvidia.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33254"}, {"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5790"}, {"source": "psirt@nvidia.com", "tags": ["Third Party Advisory"], "url": "https://www.cve.org/CVERecord?id=CVE-2025-33254"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "psirt@nvidia.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["all"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.01)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Triton Inference Server", "source": "cna", "vendor": "NVIDIA"}, "product": "triton_inference_server", "vendor": "nvidia"}], "analysis": {"en": {"generated_at": "2026-03-31T06:04:44.425196+00:00", "value": {"mitigation_remediation": ["Apply the latest NVIDIA Triton Inference Server patch or upgrade to the most recent release that addresses the issue.", "Verify that the server service is running the patched version before resuming normal operations.", "If a patch or upgrade cannot be applied immediately, restrict network access to the inference endpoint so that only trusted clients can reach it.", "Monitor server logs for abnormal request handling or unexpected crashes that might indicate an attempt to trigger the race condition.", "Restart the Triton service after applying the patch to ensure that all internal state is cleanly reinitialized."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "All deployments of NVIDIA Triton Inference Server are affected. No specific firmware or software release numbers were listed in the available data, so any version that contains the vulnerable code path requires assessment of the latest builds from NVIDIA to determine if the issue has been fixed.", "description_and_impact": "NVIDIA Triton Inference Server is vulnerable to an internal state corruption flaw that can trigger a denial of service. The weakness is a race condition impacting the server\u2019s ability to process inference requests correctly. When exploited, the server can become unresponsive, leading to service disruption for any application relying on the inference engine. The Primary impact is on availability, as reflected by a CVSS score of 7.5.", "risk_and_exploitability": "The assessed criticality is high, with a CVSS score of 7.5, and the EPSS score is reported as less than 1%, indicating a low current likelihood of exploitation. This vulnerability is not recorded in CISA\u2019s Known Exploited Vulnerabilities catalog. The description does not detail how the race condition is triggered, but the likely attack vector is through the network interface by sending specially crafted inference requests, as is common with Triton server vulnerabilities. This inference is based on the nature of the software and typical exploits of internal state corruption in similar systems."}}}}, "created": "2026-03-25T11:45:58.208002+00:00", "updated": "2026-03-31T20:09:22.003940+00:00", "vendors": ["nvidia", "nvidia$PRODUCT$triton_inference_server"]}