aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI Sec Watch

The security intelligence platform for AI teams

AI security threats move fast and get buried under hype and noise. Built by an Information Systems Security researcher to help security teams and developers stay ahead of vulnerabilities, privacy incidents, safety research, and policy developments.

Independent research. No sponsors, no paywalls, no conflicts of interest.

Total tracked: 3,710
Last 24 hours: 1
Last 7 days: 1

Daily Briefing: Sunday, May 17, 2026

No new AI/LLM security issues were identified today.

Latest Intel

01

CVE-2025-53787: Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

security
Aug 7, 2025

CVE-2025-53787 is an information disclosure vulnerability in Microsoft 365 Copilot BizChat that stems from improper neutralization of special elements used in commands (command injection, where attackers manipulate input to execute unintended commands). The vulnerability allows unauthorized access to sensitive information, though specific attack details are not provided in this source.

NVD/CVE Database
02

CVE-2025-53774: Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

security
Aug 7, 2025

CVE-2025-53774 is an information disclosure vulnerability in Microsoft 365 Copilot BizChat caused by improper neutralization of special elements used in commands (command injection, where attackers craft malicious input to execute unintended commands). The vulnerability allows unauthorized access to sensitive information, though the severity rating has not yet been assigned by the National Institute of Standards and Technology.

NVD/CVE Database
03

CVE-2025-44779: An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/

security
Aug 7, 2025

Ollama v0.1.33 has a vulnerability (CVE-2025-44779) that allows attackers to delete arbitrary files (any files on a system) by sending a specially crafted request to the /api/pull endpoint. The vulnerability stems from improper input validation (the software not properly checking user input for malicious content) and overly permissive file access settings.

NVD/CVE Database
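The entry above says the deletion was reachable because user-supplied input was not validated before it reached a file operation. The block below is an added example, not Ollama's own code and not a reconstruction of the actual fix: it shows how a Go HTTP handler should map an untrusted model name onto a path before unlinking anything. The models directory, the model name format and the helper names are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned for any name that would resolve outside the models directory.
var ErrOutsideRoot = errors.New("model name escapes the models directory")

// within reports whether p is root itself or lies beneath it. The check is
// purely lexical; callers that touch the filesystem must also resolve
// symlinks first (see DeleteModel).
func within(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// ResolveModelPath maps an untrusted model name (for example taken from a JSON
// request body) onto an absolute path inside root. It rejects absolute names,
// any ".." or empty path component, NUL bytes, and names that resolve to root.
func ResolveModelPath(root, name string) (string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	if name == "" || strings.ContainsRune(name, 0) {
		return "", errors.New("empty or NUL-containing model name")
	}
	if filepath.IsAbs(name) || strings.HasPrefix(name, "/") || strings.HasPrefix(name, `\`) {
		return "", ErrOutsideRoot
	}
	for _, part := range strings.Split(filepath.ToSlash(name), "/") {
		if part == "" || part == ".." {
			return "", ErrOutsideRoot
		}
	}
	full := filepath.Join(absRoot, filepath.FromSlash(name)) // Join also cleans the result
	if !within(absRoot, full) || full == absRoot {
		return "", ErrOutsideRoot
	}
	return full, nil
}

// DeleteModel removes the file for name. It refuses symlinks and any parent
// directory that, once symlinks are resolved, sits outside root, so a link
// planted inside the models directory cannot redirect the unlink elsewhere.
func DeleteModel(root, name string) error {
	full, err := ResolveModelPath(root, name)
	if err != nil {
		return err
	}
	fi, err := os.Lstat(full)
	if err != nil {
		return err
	}
	if fi.Mode()&os.ModeSymlink != 0 {
		return errors.New("refusing to delete a symlink")
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return err
	}
	realRoot, err := filepath.EvalSymlinks(absRoot)
	if err != nil {
		return err
	}
	realParent, err := filepath.EvalSymlinks(filepath.Dir(full))
	if err != nil {
		return err
	}
	if !within(realRoot, realParent) {
		return ErrOutsideRoot
	}
	return os.Remove(full)
}

func main() {
	root := "/srv/ollama/models" // hypothetical models directory
	for _, name := range []string{"llama3:8b", "../../etc/passwd", "/etc/passwd", "a/../..", "."} {
		p, err := ResolveModelPath(root, name)
		fmt.Printf("%-20q -> %q, %v\n", name, p, err)
	}
}
```

The lexical check alone is not enough on a server where the models directory is writable by the same process that serves the API: a symlink dropped there by an earlier request would pass `ResolveModelPath` and still point outside. That is why `DeleteModel` resolves the parent directory before removing anything.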
04

How Devin AI Can Leak Your Secrets via Multiple Means

security, research
Aug 7, 2025

Devin AI can be tricked into leaking sensitive information to attackers through multiple methods, including using its Shell tool to run data-stealing commands, using its Browser tool to send secrets to attacker-controlled websites, rendering images from untrusted domains, and posting hidden data to connected services like Slack. These attacks work because Devin has unrestricted internet access and can be manipulated through indirect prompt injection (tricking an AI by hiding malicious instructions in its input), where attackers embed instructions in places like GitHub issues that Devin investigates.

Embrace The Red
05

CVE-2025-23335: NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker

security
Aug 6, 2025

CVE-2025-23335 is a vulnerability in NVIDIA Triton Inference Server (a tool that runs AI models on servers) for Windows and Linux where an attacker could trigger an integer underflow (a math error where a number wraps around to a very large value) using a specially crafted model setup and input, potentially causing a denial of service (making the system crash or become unavailable).

NVD/CVE Database
06

CVE-2025-23334: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker c

security
Aug 6, 2025

NVIDIA Triton Inference Server for Windows and Linux has a vulnerability in its Python backend where an attacker could send a request that causes an out-of-bounds read (accessing memory outside the intended bounds), potentially leading to information disclosure (leaking sensitive data). The source records a CVSS 4.0 rating for this entry; the score itself is not given here.

NVD/CVE Database
07

CVE-2025-23333: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker c

security
Aug 6, 2025

NVIDIA Triton Inference Server for Windows and Linux has a vulnerability in its Python backend where an attacker could manipulate shared-memory data to cause an out-of-bounds read (reading from memory locations outside the intended buffer), potentially exposing sensitive data to the attacker.

NVD/CVE Database
08

CVE-2025-23331: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocati

security
Aug 6, 2025

NVIDIA Triton Inference Server (software that runs AI models on Windows and Linux) has a vulnerability where an attacker could send a specially crafted request that causes the server to try allocating an extremely large amount of memory, resulting in a crash (segmentation fault, which is when a program stops running due to a memory error). This could lead to a denial of service attack (making the service unavailable to legitimate users).

NVD/CVE Database
09

CVE-2025-23327: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer o

security
Aug 6, 2025

NVIDIA Triton Inference Server for Windows and Linux has a vulnerability where an attacker could cause an integer overflow (a bug where a number becomes too large for the system to handle properly) by sending specially crafted inputs, potentially leading to denial of service (making the service unavailable) and data tampering. The severity rating from NIST has not yet been assigned.

NVD/CVE Database
10

CVE-2025-23326: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer o

security
Aug 6, 2025

NVIDIA Triton Inference Server (software that runs AI models on servers) for Windows and Linux has a vulnerability where an attacker could send specially crafted input that causes an integer overflow (when a number calculation exceeds the maximum value a computer can store, causing unexpected behavior), potentially leading to a denial of service attack (making the service unavailable to legitimate users).

NVD/CVE Database
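Entries 05 through 10 describe the same family of defects from different angles: an integer underflow in the TensorRT backend, oversized allocations that segfault, integer overflows from crafted inputs, and out-of-bounds reads against shared memory in the Python backend. The block below is an added example, not Triton's code (which is C++); it uses Go's defined wraparound on fixed-width integers to show the arithmetic that goes wrong when a tensor byte size or a shared-memory range is computed from untrusted values, and the checked forms that reject them. The size cap and function names are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"math/bits"
)

// MaxTensorBytes is an assumed upper bound on a single tensor allocation (1 TiB).
// Even a correctly computed size must be capped, or a request can still ask the
// server to allocate far more than it has.
const MaxTensorBytes = 1 << 40

// NaiveByteSize mirrors the shape of the bug: dimensions are multiplied in a
// fixed-width integer with no overflow check, so the result silently wraps.
// A shape of 65536 x 65536 wraps to 0; a negative dimension yields a negative
// size that becomes enormous when cast to an unsigned length.
func NaiveByteSize(shape []int32, elemSize int32) int32 {
	n := int32(1)
	for _, d := range shape {
		n *= d
	}
	return n * elemSize
}

// CheckedByteSize rejects negative dimensions, detects overflow on every
// multiplication via the 128-bit product, and enforces the cap.
func CheckedByteSize(shape []int64, elemSize int64) (uint64, error) {
	if elemSize <= 0 {
		return 0, errors.New("element size must be positive")
	}
	total := uint64(elemSize)
	for i, d := range shape {
		if d < 0 {
			return 0, fmt.Errorf("dimension %d is negative (%d)", i, d)
		}
		hi, lo := bits.Mul64(total, uint64(d))
		if hi != 0 {
			return 0, errors.New("tensor byte size overflows 64 bits")
		}
		total = lo
	}
	if total > MaxTensorBytes {
		return 0, fmt.Errorf("tensor byte size %d exceeds cap %d", total, MaxTensorBytes)
	}
	return total, nil
}

// NaiveRemaining is the underflow pattern: an unsigned subtraction that wraps
// to a huge value when the caller-supplied offset exceeds the region size.
func NaiveRemaining(regionSize, offset uint32) uint32 {
	return regionSize - offset
}

// CheckedRegion validates that [offset, offset+length) lies inside a region of
// regionSize bytes without ever computing offset+length, which could itself
// overflow and slip past a comparison against regionSize.
func CheckedRegion(regionSize, offset, length uint64) error {
	if offset > regionSize {
		return fmt.Errorf("offset %d lies beyond a region of %d bytes", offset, regionSize)
	}
	if length > regionSize-offset {
		return fmt.Errorf("length %d exceeds the %d bytes left after offset %d", length, regionSize-offset, offset)
	}
	return nil
}

func main() {
	fmt.Println("naive 65536x65536x4 bytes:", NaiveByteSize([]int32{65536, 65536}, 4))
	fmt.Println("naive [-1,8]x4 bytes:", NaiveByteSize([]int32{-1, 8}, 4))
	_, err := CheckedByteSize([]int64{1 << 40, 1 << 40}, 4)
	fmt.Println("checked 2^40x2^40x4:", err)
	fmt.Println("naive remaining (16 - 32):", NaiveRemaining(16, 32))
	fmt.Println("checked region:", CheckedRegion(16, 1, ^uint64(0)))
}
```

The last call in `main` is the case a plain `offset+length <= regionSize` test misses: with `length` near the maximum, the sum wraps to a small number and the check passes, which is why the subtraction form is used.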