CVE-2025-23352

Description

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS breakdown

Affected products

• NVIDIA / Virtual GPU Manager580.82.02(All versions up to and including the August 2025 release) – 580.82.02(All versions up to and including the August 2025 release)
• NVIDIA / Virtual GPU Manager580.82.02(All versions prior to and including vGPU 19.1) – 580.82.02(All versions prior to and including vGPU 19.1)
• NVIDIA / Virtual GPU Manager570.172.07(All versions prior to and including vGPU 18.4) – 570.172.07(All versions prior to and including vGPU 18.4)
• NVIDIA / Virtual GPU Manager535.261.04(All versions prior to and including vGPU 16.11) – 535.261.04(All versions prior to and including vGPU 16.11)

References

• CONFIRMhttps://nvd.nist.gov/vuln/detail/CVE-2025-23352
• CONFIRMhttps://www.cve.org/CVERecord?id=CVE-2025-23352
• MISChttps://nvidia.custhelp.com/app/answers/detail/a_id/5703