Nvidia has released a software update to address a series of “critical” vulnerabilities discovered in its Triton server, a widely used open-source inference software designed to optimize artificial intelligence models. The cybersecurity firm Wiz identified these vulnerabilities, which could potentially lead to the takeover of AI models, data theft, and manipulation of responses.
According to Nir Ohfeld, head of vulnerability research at Wiz, a chain of vulnerabilities was found that, when combined, could allow an attacker with no prior access to gain full control of an AI server. Ohfeld explained, “The attack starts with a minor bug that causes the server to leak a small piece of secret internal data. An attacker can then use that data to trick one of the server’s legitimate features into giving them control over a private system component. This initial foothold is all they need to escalate their privileges and achieve a complete server takeover.”
Triton is integral to the AI operations of various major enterprises, including Microsoft, Amazon, Oracle, Siemens, and American Express. A 2021 press release indicated that over 25,000 companies utilize Nvidia’s AI stack. The disclosed vulnerabilities have been assigned the identifiers CVE-2025-23319, CVE-2025-23320, and CVE-2025-23334.
Nvidia has advised users to update to the patched version of the Nvidia Triton Inference Server (version 25.07 or newer) as the most crucial step to mitigate these risks. Ohfeld confirmed that this update “directly fixes the entire vulnerability chain.” While there is currently no evidence of these specific vulnerabilities being exploited in the wild, the widespread adoption of Nvidia Triton for AI workloads underscores the importance of prompt patching.
This incident highlights a broader trend of security vulnerabilities affecting emerging technologies in 2025. In the cryptocurrency sector, for example, exploits related to access flaws and smart contract bugs have resulted in $3.1 billion lost in the first half of 2025, surpassing the total losses for the entirety of 2024. Experts also anticipate new cyber threats emerging from advancements in AI agents and quantum computing.
