CVE-2025-23243
Published: 11 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-23243 is an improper access control vulnerability (CWE-284) in NVIDIA Riva, published on 2025-03-11. The issue allows a user to potentially cause data tampering or denial of service upon successful exploitation. It has a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L), rated as medium severity with network accessibility, low attack complexity, no privileges or user interaction required, and unchanged scope.
An unauthenticated attacker with network access can exploit this vulnerability remotely. Exploitation requires low complexity and no user interaction, potentially leading to limited integrity impacts such as data tampering or limited availability impacts resulting in denial of service, with no confidentiality impacts.
The NVIDIA security advisory provides details on mitigation and patches at https://nvidia.custhelp.com/app/answers/detail/a_id/5625.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a remotely exploitable improper access control vulnerability in the network-accessible NVIDIA Riva service, allowing unauthenticated attackers to cause data tampering or denial of service with no privileges or user interaction required, directly mapping to exploitation of a public-facing application.