Nvidia has released a software update to address “critical” vulnerabilities in its Triton server, a widely used open-source inference software for optimizing AI models, as discovered by cybersecurity firm Wiz.
According to Nir Ohfeld, head of vulnerability research at Wiz, a chain of vulnerabilities was found that could allow an attacker to gain full control of an AI server. Ohfeld explained, “The attack starts with a minor bug that causes the server to leak a small piece of secret internal data. An attacker can then use that data to trick one of the server’s legitimate features into giving them control over a private system component. This initial foothold is all they need to escalate their privileges and achieve a complete server takeover.”
Triton is crucial for AI operations at major enterprises like Microsoft, Amazon, Oracle, Siemens, and American Express. Over 25,000 companies use Nvidia’s AI stack, as indicated by a 2021 press release. The disclosed vulnerabilities have been assigned the identifiers CVE-2025-23319, CVE-2025-23320, and CVE-2025-23334.
Nvidia advises users to update to the patched version of the Nvidia Triton Inference Server (version 25.07 or newer) to mitigate these risks. Ohfeld confirmed that this update “directly fixes the entire vulnerability chain.” Although there’s no evidence of these vulnerabilities being exploited, the widespread use of Nvidia Triton underscores the importance of prompt patching.
This incident highlights a broader trend of security vulnerabilities in emerging technologies in 2025. In the cryptocurrency sector, exploits related to access flaws and smart contract bugs resulted in $3.1 billion lost in the first half of 2025, surpassing total losses for 2024. Experts anticipate new cyber threats from advancements in AI agents and quantum computing.
