The NVIDIA technology company published a software update on Saturday to correct the vulnerabilities of its Triton server, which customers use for artificial intelligence models.
Vulnerabilities, which the Wiz cybersecurity company calls “critical”, could lead to the takeover of AI models, data theft and the manipulation of the answer if it is not corrected.
“Wiz Research has revealed a chain of vulnerabilities which, when combined, could allow an attacker without prior access to take total control of an AI server,” said Cointelegraph, responsible for the Wiz vulnerability research, Nir Ohfeld.
“The attack begins with a minor bug that scares the server a small piece of secret internal data,” he said. “An attacker can then use this data to deceive one of the legitimate features of the server to give them a control over a private system component. This initial position is everything he needs to degenerate his privileges and obtain a complete takeover of the server.”
https://www.youtube.com/watch?
Triton is open source inference software designed by Nvidia to optimize artificial intelligence models.
Although the complete extent of customers who use Triton is unknown, some large companies have been cited as using it, including Microsoft, Amazon, Oracle, Siemens and American Express. According to a press release from 2021, more than 25,000 companies use the NVIDIA IA battery.
A spokesperson for Nvidia refused to comment beyond the reference to the company’s security bulletin. The disclosed vulnerabilities received the CVE-2025-23319, CVE-2025-23320 and CVE-2025-23334 identifiers.
“The most important step is to update the correct version of the Nvidia Triton inference server (version 25.07 or more recent),” Ohfeld told Cointelegraph. “This directly corrects the entire vulnerability chain.”
Ohfeld added that for the moment, “we have not seen evidence of these specific vulnerabilities exploited in the wild. However, Nvidia Triton is a very popular platform and widely used for the workloads of the AI.”
In relation: 5 Vulnerabilities of intelligent contracts: how to identify and mitigate them
Security vulnerabilities are hampering emerging technologies
Security vulnerabilities hampered emerging technologies in 2025, including crypto, where exploits led to theft of billions of dollars in digital assets.
According to Hacken, an auditor of the Security Blockchain, Access Flaws and Smart Contract Bugs contribute to the $ 3.1 billion lost in cryptographic exploits in the first half of 2025. This amount already exceeds the total lost in 2024.
Meanwhile, according to some experts, AI agents and quantum IT are likely to put new cyber-menaces.
Review: Inside Pink Draign – The security analyst defends his cryptographic scam franchise