CVE-2025-23347

Description

NVIDIA Project G-Assist contains a vulnerability where an attacker might be able to escalate permissions. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

NVIDIA / GeForceAll driver versions prior to 581.42 – All driver versions prior to 581.42
NVIDIA / NVIDIA RTX, Quadro, NVSAll driver versions prior to 581.42 – All driver versions prior to 581.42
NVIDIA / NVIDIA RTX, Quadro, NVSAll driver versions prior to 573.76 – All driver versions prior to 573.76
NVIDIA / TeslaAll driver versions prior to 581.42 – All driver versions prior to 581.42
NVIDIA / TeslaAll driver versions prior to 573.76 – All driver versions prior to 573.76

References

CONFIRMhttps://nvd.nist.gov/vuln/detail/CVE-2025-23347
CONFIRMhttps://www.cve.org/CVERecord?id=CVE-2025-23347
MISChttps://nvidia.custhelp.com/app/answers/detail/a_id/5703