CVE-2025-23242
Published: 11 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-23242 is an improper access control vulnerability (CWE-284) in NVIDIA Riva. The issue allows a user to bypass access controls, potentially leading to escalation of privileges, data tampering, denial of service, or information disclosure. It carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and low attack complexity.
Attackers with network access to a vulnerable NVIDIA Riva instance can exploit this without requiring privileges or user interaction. Successful exploitation could enable privilege escalation on the system, arbitrary data tampering affecting integrity, denial of service impacting availability, or unauthorized disclosure of sensitive information.
NVIDIA has published a security advisory with mitigation guidance at https://nvidia.custhelp.com/app/answers/detail/a_id/5625. Security practitioners should consult this bulletin for details on patches, workarounds, or configuration changes to address the vulnerability.
Details
- CWE(s): CWE-284
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
This improper access control vulnerability is network-accessible and requires no authentication, so it directly enables exploitation of public-facing applications (T1190). It can also be used for privilege escalation (T1068), as explicitly described in the impacts.