NVIDIA

NVIDIA disclosed and patched a high-severity vulnerability (CVE-2025-23254) in its TensorRT-LLM framework that allows a local attacker to execute arbitrary code, tamper with data and compromise AI workloads. The flaw is in the Python executor, which used pickle serialization for inter-process communication without authenticating the messages it received. An adversary with access to the TRTLLM server socket can send a crafted pickle payload; because pickle lets a serialized object name any callable to be invoked during deserialization, the payload runs inside the executor process before the application ever inspects the data, leading to code execution, information disclosure and data corruption.

Exploitation may expose sensitive model parameters, customer inputs, proprietary algorithms and internal configuration files, damaging the integrity of machine-learning pipelines and undermining trust in downstream AI services. Although no public exploit has been observed, the CVSS 3.1 base score of 8.8 (attack vector: local) reflects the severity of the potential impact.

NVIDIA's fix, shipped in version 0.18.2, adds HMAC-based protection to the IPC channel (reported as "HMAC-based encryption"; strictly, an HMAC authenticates messages rather than encrypting them). Each message carries a keyed tag, and the receiver refuses to deserialize a message whose tag does not verify, so an attacker who can reach the socket but does not hold the key can no longer inject a pickle payload. The limit of this mitigation should be understood: a local attacker who can also read the HMAC key can still produce valid messages, so socket permissions and process isolation around the server remain important.

Organizations using TensorRT-LLM should upgrade immediately (run pip show tensorrt_llm and confirm the installed version is 0.18.2 or later) to guard against supply-chain disruptions, loss of intellectual property and leakage of employee or customer data. Leaving the flaw unpatched risks undetected unauthorized code execution within critical AI infrastructure, with the compliance violations and operational downtime that follow.
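As an added example (not TensorRT-LLM's code, and not the actual 0.18.2 patch), the following Python shows the vulnerable pattern the report describes, a receiver that unpickles whatever arrives on an IPC channel, beside an HMAC-authenticated version of the same channel. The frame layout (a 32-byte HMAC-SHA256 tag followed by the pickled body), the key handling and the harmless sink() function standing in for os.system are assumptions of the example, and the "command" string in the payload is constructed for the demonstration.

```python
"""Added illustration, not TensorRT-LLM code: why unpickling bytes read from an
IPC socket is code execution, and how an HMAC tag on every message stops an
attacker who can reach the socket but does not hold the key."""
import hashlib
import hmac
import os
import pickle

# Records what a malicious payload executed, so the demo stays harmless.
CALLS = []


def sink(cmd):
    """Stand-in for os.system / subprocess.run in a real payload (assumed helper)."""
    CALLS.append(cmd)
    return 0


class Payload:
    """pickle lets __reduce__ name any importable callable plus arguments;
    pickle.loads() invokes it while rebuilding the object, before the
    receiving code ever looks at the result."""
    def __reduce__(self):
        return (sink, ("id > /tmp/pwned",))  # constructed, harmless command string


# Vulnerable pattern: deserialize whatever arrived on the channel.
def vulnerable_receive(msg: bytes):
    return pickle.loads(msg)  # attacker-controlled bytes -> arbitrary call


# Hardened pattern: authenticate the frame, then deserialize.
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA256


def send_authenticated(key: bytes, obj) -> bytes:
    """Frame = HMAC-SHA256(key, body) || body (assumed layout)."""
    body = pickle.dumps(obj)
    return hmac.new(key, body, hashlib.sha256).digest() + body


def hardened_receive(key: bytes, msg: bytes):
    """Refuse to unpickle unless the tag verifies under the shared key."""
    if len(msg) < TAG_LEN:
        raise ValueError("IPC frame too short to carry an HMAC tag")
    tag, body = msg[:TAG_LEN], msg[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("IPC frame failed HMAC check; refusing to unpickle")
    return pickle.loads(body)


def demo():
    """Returns (payload_ran_unauthenticated, legit_roundtrip,
    forged_frame_rejected, tampered_frame_rejected, payload_ran_authenticated)."""
    evil = pickle.dumps(Payload())

    CALLS.clear()
    vulnerable_receive(evil)          # the callable runs during loads()
    ran_unauth = CALLS == ["id > /tmp/pwned"]

    key = os.urandom(32)              # shared by the two legitimate processes
    legit = hardened_receive(key, send_authenticated(key, {"request_id": 7}))

    CALLS.clear()
    rejected_forged = rejected_tampered = False
    try:  # attacker has socket access but not the key: tag cannot verify
        hardened_receive(key, os.urandom(TAG_LEN) + evil)
    except ValueError:
        rejected_forged = True
    good = bytearray(send_authenticated(key, {"request_id": 7}))
    good[-1] ^= 0x01                  # flip one byte of the authenticated body
    try:
        hardened_receive(key, bytes(good))
    except ValueError:
        rejected_tampered = True
    ran_auth = bool(CALLS)            # nothing was unpickled on the hardened path
    return ran_unauth, legit, rejected_forged, rejected_tampered, ran_auth


if __name__ == "__main__":
    print(demo())
```

Note what the hardened path does and does not change: it still calls pickle.loads on data that passes the check, so anyone who can read the key can still obtain code execution on the receiver. The HMAC raises the bar from "can write to the socket" to "can write to the socket and read the key", which is why the key must be unreadable to other local users and why the socket itself should not be world-writable.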

Source: https://cybersecuritynews.com/nvidia-tensorrt-llm-high-severity-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/jobs

{
"id": "job301050225",
"linkid": "jobs",
"type": "Vulnerability",
"date": "5/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'industry': 'Technology',
                        'name': 'NVIDIA',
                        'type': 'Company'}],
 'attack_vector': 'Local',
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['sensitive model parameters',
                                              'customer inputs',
                                              'proprietary algorithms',
                                              'internal configuration files']},
 'description': 'NVIDIA disclosed and patched a high-severity vulnerability '
                '(CVE-2025-23254) in its TensorRT-LLM framework that could '
                'allow a local attacker to execute arbitrary code, tamper with '
                'data and compromise AI workloads. The flaw resides in the '
                'Python executor’s insecure use of pickle serialization for '
                'inter-process communication. An adversary with access to the '
                'TRTLLM server socket can craft a malicious pickle payload to '
                'invoke arbitrary functions during deserialization, leading to '
                'code execution, information disclosure and data corruption. '
                'Exploitation may expose sensitive model parameters, customer '
                'inputs, proprietary algorithms and internal configuration '
                'files, damaging the integrity of machine learning pipelines '
                'and undermining trust in downstream AI services. Although no '
                'public exploit has been observed, the CVSS 3.1 score of 8.8 '
                'underscores the severity of potential impact. NVIDIA’s patch '
                'in version 0.18.2 adds HMAC-based encryption for IPC channels '
                'to validate message integrity and prevent unauthorized '
                'deserialization. Organizations using TensorRT-LLM are urged '
                'to upgrade immediately to guard against supply-chain '
                'disruptions, loss of intellectual property and inadvertent '
                'leakage of employee or customer data. Failure to apply the '
                'fix could result in undetected unauthorized code execution '
                'within critical AI infrastructure, leading to compliance '
                'violations and operational downtime.',
 'impact': {'data_compromised': ['sensitive model parameters',
                                 'customer inputs',
                                 'proprietary algorithms',
                                 'internal configuration files'],
            'downtime': 'operational downtime',
            'legal_liabilities': 'compliance violations',
            'operational_impact': 'supply-chain disruptions, loss of '
                                  'intellectual property, inadvertent leakage '
                                  'of employee or customer data',
            'systems_affected': 'TensorRT-LLM framework'},
 'post_incident_analysis': {'corrective_actions': 'HMAC-based encryption for '
                                                  'IPC channels to validate '
                                                  'message integrity and '
                                                  'prevent unauthorized '
                                                  'deserialization',
                            'root_causes': 'insecure use of pickle '
                                           'serialization for inter-process '
                                           'communication'},
 'recommendations': 'Organizations using TensorRT-LLM are urged to upgrade '
                    'immediately to guard against supply-chain disruptions, '
                    'loss of intellectual property and inadvertent leakage of '
                    'employee or customer data.',
 'response': {'recovery_measures': 'Organizations using TensorRT-LLM are urged '
                                   'to upgrade immediately',
              'remediation_measures': 'Patch in version 0.18.2 adds HMAC-based '
                                      'encryption for IPC channels'},
 'title': 'NVIDIA TensorRT-LLM Framework Vulnerability',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'CVE-2025-23254'}