CVE-2025-23253

LOW2.5

NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path

Published Apr 22, 2025

Modified 1 years ago

Details

NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.

References

WEB

https://nvidia.custhelp.com/app/answers/detail/a_id/5644

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2025-23253

CVSS Analysis

CVSS v3.1

2.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

LowA:L

2.5/CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Weakness Type (CWE)

Other

CWE-547

Ecosystems

Timeline

PublishedApr 22, 2025

ModifiedApr 22, 2025