Nvidia Nsight Graphics < 2025.3 DLL Hijacking

🗓️ 03 Oct 2025 00:00:00Reported by TenableType

Nvidia Nsight Graphics below 2025.3 has ngfx DLL hijacking, risking code execution and data tampering.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2025-23355	2 Oct 202516:02	–	circl
CNNVD	NVIDIA Nsight Graphics for Windows 代码问题漏洞	1 Oct 202500:00	–	cnnvd
CVE	CVE-2025-23355	1 Oct 202521:19	–	cve
Cvelist	CVE-2025-23355	1 Oct 202521:19	–	cvelist
EUVD	EUVD-2025-32046	3 Oct 202520:07	–	euvd
NVD	CVE-2025-23355	1 Oct 202522:15	–	nvd
Nvidia	Security Bulletin: NVIDIA Nsight Graphics - September 2025	30 Sep 202500:00	–	nvidia
OSV	CVE-2025-23355	1 Oct 202522:15	–	osv
Positive Technologies	PT-2025-40303	1 Oct 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-23355	6 Oct 202506:14	–	redhatcve

Source	Link
nvidia	www.nvidia.custhelp.com/app/answers/detail/a_id/5704
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(266461);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/23");

  script_cve_id("CVE-2025-23355");
  script_xref(name:"IAVA", value:"2025-A-0720-S");

  script_name(english:"Nvidia Nsight Graphics < 2025.3 DLL Hijacking");

  script_set_attribute(attribute:"synopsis", value:
"Nvidia Nsight Graphics installed on remote Windows host is affected by a vulnerability");
  script_set_attribute(attribute:"description", value:
"The version of Nvidia Nsight Graphics installed on the remote Windows host is affected by a vulnerability in an ngfx
component, where an attacker could cause a DLL highjacking attack. A successful exploit of this vulnerability may lead
to code execution, escalation of privileges, data tampering, and denial of service.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://nvidia.custhelp.com/app/answers/detail/a_id/5704");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Nvidia Nsight Graphics version 2025.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-23355");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/10/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/10/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:nvidia:nsight_graphics");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("nvidia_nsight_graphics_win_installed.nbin");
  script_require_keys("installed_sw/Nsight Graphics", "SMB/Registry/Enumerated");

  exit(0);
}
include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'requires': [
    {'scope': 'target', 'match': {'os': 'windows'}}
  ],
  'checks': [
    {
      'product': {'name': 'Nsight Graphics', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'fixed_version': '2025.3'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);

23 Feb 2026 00:00Current

5.1Medium risk

Vulners AI Score5.1

CVSS 3.16.7 - 7.8

EPSS0.00017

SSVC