NVIDIA disclosed and patched a high-severity vulnerability (CVE-2025-23254) in its TensorRT-LLM framework that could allow a local attacker to execute arbitrary code, tamper with data and compromise AI workloads. The flaw resides in the Python executor’s insecure use of pickle serialization for inter-process communication. An adversary with access to the TRTLLM server socket can craft a malicious pickle payload to invoke arbitrary functions during deserialization, leading to code execution, information disclosure and data corruption. Exploitation may expose sensitive model parameters, customer inputs, proprietary algorithms and internal configuration files, damaging the integrity of machine learning pipelines and undermining trust in downstream AI services. Although no public exploit has been observed, the CVSS 3.1 score of 8.8 underscores the severity of potential impact. NVIDIA’s patch in version 0.18.2 adds HMAC-based encryption for IPC channels to validate message integrity and prevent unauthorized deserialization. Organizations using TensorRT-LLM are urged to upgrade immediately to guard against supply-chain disruptions, loss of intellectual property and inadvertent leakage of employee or customer data. Failure to apply the fix could result in undetected unauthorized code execution within critical AI infrastructure, leading to compliance violations and operational downtime.
Source: https://cybersecuritynews.com/nvidia-tensorrt-llm-high-severity-vulnerability/
"id": "job301050225",
"linkid": "jobs",
"type": "Vulnerability",
"date": "5/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"