CVE-2025-23292

Description

NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to partial denial of service (UI component).

CVSS breakdown

CVSS 3.1

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

Low

Affected products

NVIDIA / DLS component of NVIDIA License SystemAll versions prior to v3.5.1 and v3.1.7 – All versions prior to v3.5.1 and v3.1.7

References

CONFIRMhttps://nvd.nist.gov/vuln/detail/CVE-2025-23292
CONFIRMhttps://www.cve.org/CVERecord?id=CVE-2025-23292
MISChttps://nvidia.custhelp.com/app/answers/detail/a_id/5705