aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI & LLM Vulnerabilities

Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.

66 items

GHSA-5f53-522j-j454: Flowise Missing Authentication on NVIDIA NIM Endpoints

high
vulnerability
security
Mar 6, 2026
CVE-2026-30824

Flowise incorrectly whitelisted the NVIDIA NIM router (`/api/v1/nvidia-nim/*`) in its authentication middleware, allowing anyone to access sensitive endpoints without logging in. This lets attackers steal NVIDIA API tokens, manipulate Docker containers, and cause denial of service attacks without needing valid credentials.

GitHub Advisory Database

CVE-2025-33233: NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection.

high
vulnerability
security
Jan 20, 2026
CVE-2025-33233

NVIDIA Merlin Transformers4Rec contains a code injection vulnerability (CWE-94, a weakness where attackers can trick software into running malicious code) that could let attackers execute arbitrary code, gain elevated permissions, steal information, or modify data. The vulnerability affects all platforms running this software. A CVSS severity score has not yet been assigned by NIST.

CVE-2025-33213: NVIDIA Merlin Transformers4Rec for Linux contains a vulnerability in the Trainer component, where a user could cause a d

high
vulnerability
security
Dec 9, 2025
CVE-2025-33213

NVIDIA Merlin Transformers4Rec for Linux has a vulnerability in its Trainer component involving deserialization of untrusted data (treating unverified data as legitimate code or objects). A user exploiting this flaw could potentially run arbitrary code, crash the system (denial of service), steal information, or modify data.

CVE-2025-33211: NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified

high
vulnerability
security
Dec 3, 2025
CVE-2025-33211

NVIDIA Triton Server for Linux has a vulnerability where attackers can bypass input validation (improper validation of specified quantity in input) by sending malformed data. This flaw could allow an attacker to cause a denial of service attack (making a system unavailable to legitimate users).

CVE-2025-33201: NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exc

high
vulnerability
security
Dec 3, 2025
CVE-2025-33201

NVIDIA Triton Inference Server has a vulnerability (CVE-2025-33201) where an attacker can send extremely large data payloads to bypass safety checks, potentially crashing the service and making it unavailable to legitimate users (a denial of service attack). The vulnerability stems from improper validation of unusual or exceptional input conditions.

CVE-2025-33202: NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack over

medium
vulnerability
security
Nov 11, 2025
CVE-2025-33202

CVE-2025-33202 is a stack overflow vulnerability (a memory safety bug where a program writes too much data into a reserved area of memory) in NVIDIA's Triton Inference Server for Linux and Windows. An attacker could exploit this by sending extremely large data payloads, potentially crashing the service and making it unavailable to users (denial of service).

CVE-2025-23336: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause a denial of

medium
vulnerability
security
Sep 17, 2025
CVE-2025-23336

CVE-2025-23336 is a vulnerability in NVIDIA Triton Inference Server (software that runs AI models on Windows and Linux) where an attacker could cause a denial of service (making the system unavailable) by loading a misconfigured model. The vulnerability stems from improper input validation (the system not properly checking whether data is safe before using it).

CVE-2025-23329: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corru

high
vulnerability
security
Sep 17, 2025
CVE-2025-23329

CVE-2025-23329 is a vulnerability in NVIDIA Triton Inference Server (a tool used to run AI models efficiently) on Windows and Linux where an attacker could damage data in memory by accessing a shared memory region used by the Python backend, potentially causing the service to crash. The vulnerability involves improper access control (failing to properly restrict who can access certain resources) and out-of-bounds writing (writing data to memory locations it shouldn't).

CVE-2025-23328: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bo

high
vulnerability
security
Sep 17, 2025
CVE-2025-23328

CVE-2025-23328 is a vulnerability in NVIDIA Triton Inference Server (software that runs AI models on Windows and Linux) where an attacker could send specially crafted input to cause an out-of-bounds write (writing data outside the intended memory location), potentially causing a denial of service (making the service unavailable). The vulnerability has a CVSS score of 4.0, indicating moderate severity.

CVE-2025-23316: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker c

critical
vulnerability
security
Sep 17, 2025
CVE-2025-23316

NVIDIA Triton Inference Server for Windows and Linux has a vulnerability in its Python backend that allows attackers to execute arbitrary code remotely by manipulating the model name parameter in model control APIs (functions that manage AI models). This vulnerability could lead to remote code execution (RCE, where an attacker runs commands on a system they don't own), denial of service (making the system unavailable), information disclosure (exposing sensitive data), and data tampering (modifying stored information).

CVE-2025-23268: NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper inpu

high
vulnerability
security
Sep 17, 2025
CVE-2025-23268

NVIDIA Triton Inference Server has a vulnerability in its DALI backend (a component that processes data) where improper input validation (the failure to check if data is safe before using it) allows attackers to execute code on the system. The issue is classified as CWE-20, a common weakness type related to input validation problems.

CVE-2025-23298: NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker coul

high
vulnerability
security
Aug 13, 2025
CVE-2025-23298

NVIDIA Merlin Transformers4Rec contains a vulnerability in one of its Python dependencies that allows attackers to inject malicious code (code injection, where an attacker inserts unauthorized commands into a program). A successful attack could lead to code execution (running unauthorized commands on a system), privilege escalation (gaining higher-level access rights), information disclosure (exposing sensitive data), and data tampering (unauthorized modification of data).

CVE-2025-23335: NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker

medium
vulnerability
security
Aug 6, 2025
CVE-2025-23335

CVE-2025-23335 is a vulnerability in NVIDIA Triton Inference Server (a tool that runs AI models on servers) for Windows and Linux where an attacker could trigger an integer underflow (a math error where a number wraps around to a very large value) using a specially crafted model setup and input, potentially causing a denial of service (making the system crash or become unavailable).

CVE-2025-23334: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker c

medium
vulnerability
security
Aug 6, 2025
CVE-2025-23334

NVIDIA Triton Inference Server for Windows and Linux has a vulnerability in its Python backend where an attacker could send a request that causes an out-of-bounds read (accessing memory outside the intended bounds), potentially leading to information disclosure (leaking sensitive data). The vulnerability has a CVSS 4.0 severity rating.

CVE-2025-23333: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker c

medium
vulnerability
security
Aug 6, 2025
CVE-2025-23333

NVIDIA Triton Inference Server for Windows and Linux has a vulnerability in its Python backend where an attacker could manipulate shared memory data to cause an out-of-bounds read (reading data from memory locations that should not be accessed). This vulnerability could potentially lead to information disclosure, meaning an attacker might be able to see sensitive data they shouldn't have access to.

CVE-2025-23331: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocati

high
vulnerability
security
Aug 6, 2025
CVE-2025-23331

NVIDIA Triton Inference Server (software that runs AI models on Windows and Linux) has a vulnerability where an attacker could send a specially crafted request that causes the server to try allocating an extremely large amount of memory, resulting in a crash (segmentation fault, which is when a program stops running due to a memory error). This could lead to a denial of service attack (making the service unavailable to legitimate users).

CVE-2025-23327: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer o

high
vulnerability
security
Aug 6, 2025
CVE-2025-23327

NVIDIA Triton Inference Server for Windows and Linux has a vulnerability where an attacker could cause an integer overflow (a bug where a number becomes too large for the system to handle properly) by sending specially crafted inputs, potentially leading to denial of service (making the service unavailable) and data tampering. The severity rating from NIST has not yet been assigned.

CVE-2025-23326: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer o

high
vulnerability
security
Aug 6, 2025
CVE-2025-23326

NVIDIA Triton Inference Server (software that runs AI models on servers) for Windows and Linux has a vulnerability where an attacker could send specially crafted input that causes an integer overflow (when a number calculation exceeds the maximum value a computer can store, causing unexpected behavior), potentially leading to a denial of service attack (making the service unavailable to legitimate users).

CVE-2025-23325: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled

high
vulnerability
security
Aug 6, 2025
CVE-2025-23325

NVIDIA Triton Inference Server for Windows and Linux has a vulnerability where an attacker could send a specially crafted input that causes uncontrolled recursion (a function repeatedly calling itself without stopping), leading to a denial of service (DoS, making the service unavailable to legitimate users). The vulnerability has a CVSS 4.0 severity rating, though a full severity assessment from NIST has not yet been provided.

CVE-2025-23324: NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overfl

high
vulnerability
security
Aug 6, 2025
CVE-2025-23324

NVIDIA Triton Inference Server for Windows and Linux has a vulnerability where an integer overflow or wraparound (a mistake in how the software handles very large numbers, causing them to wrap around to negative values) can occur when a user sends an invalid request, potentially causing a segmentation fault (a crash where the program tries to access memory it shouldn't). This could allow an attacker to cause a denial of service (making the service unavailable to legitimate users).

NVD/CVE Database