{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-23253", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2025-01-14T01:06:22.262Z", "datePublished": "2025-04-22T18:45:57.735Z", "dateUpdated": "2025-04-22T18:55:57.135Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "NVIDIA App", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All versions up to and including 11.0.2.337 (prod2 hotfix)"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering."}], "value": "NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Code execution, denial of service, escalation of privileges, information disclosure, or data tampering"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-547", "description": "CWE-547 Use of Hard-coded, Security-relevant Constants", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2025-04-22T18:47:30.483Z"}, "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5644"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-22T18:53:59.464030Z", "id": "CVE-2025-23253", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T18:55:57.135Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-23253", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-22T18:53:59.464030Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-22T18:55:52.878Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Code execution, denial of service, escalation of privileges, information disclosure, or data tampering"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.5, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "NVIDIA App", "versions": [{"status": "affected", "version": "All versions up to and including 11.0.2.337 (prod2 hotfix)"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5644"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-547", "description": "CWE-547 Use of Hard-coded, Security-relevant Constants"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2025-04-22T18:47:30.483Z"}}}, "cveMetadata": {"cveId": "CVE-2025-23253", "state": "PUBLISHED", "dateUpdated": "2025-04-22T18:55:57.135Z", "dateReserved": "2025-01-14T01:06:22.262Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2025-04-22T18:45:57.735Z", "assignerShortName": "nvidia"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering."}, {"lang": "es", "value": "El servicio NVIDIA NvContainer para Windows contiene una vulnerabilidad en el uso de OpenSSL. Un atacante podr\u00eda explotar un problema constante codificado copiando una DLL maliciosa en una ruta codificada. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar ejecuci\u00f3n de c\u00f3digo, denegaci\u00f3n de servicio, escalada de privilegios, divulgaci\u00f3n de informaci\u00f3n o manipulaci\u00f3n de datos."}], "id": "CVE-2025-23253", "lastModified": "2025-04-23T14:08:13.383", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-04-22T19:15:51.827", "references": [{"source": "[email protected]", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5644"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-547"}], "source": "[email protected]", "type": "Primary"}]}

{}