Vulners
Lucene search
NVIDIA Virtual GPU Manager Multiple Vulnerabilities (July 2025)
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(243281);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");
script_cve_id(
"CVE-2025-23277",
"CVE-2025-23278",
"CVE-2025-23279",
"CVE-2025-23283",
"CVE-2025-23284",
"CVE-2025-23285",
"CVE-2025-23286",
"CVE-2025-23290"
);
script_xref(name:"IAVA", value:"2025-A-0550-S");
script_name(english:"NVIDIA Virtual GPU Manager Multiple Vulnerabilities (July 2025)");
script_set_attribute(attribute:"synopsis", value:
"A GPU virtualization application installed on the remote host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The NVIDIA Virtual GPU Manager software on the remote host is missing a security update. It is, therefore, affected by
multiple vulnerabilities, including the following:
- NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an
attacker could access memory outside bounds permitted under normal use cases. A successful exploit of this
vulnerability might lead to denial of service, data tampering, or information disclosure. (CVE-2025-23277)
- NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause
an improper index validation by issuing a call with crafted parameters. A successful exploit of this
vulnerability might lead to data tampering or denial of service. (CVE-2025-23278)
- NVIDIA .run Installer for Linux and Solaris contains a vulnerability where an attacker could use a race
condition to escalate privileges. A successful exploit of this vulnerability might lead to code execution,
escalation of privileges, information disclosure, denial of service, or data tampering. (CVE-2025-23279)
- NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager,
where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerability
might lead to code execution, denial of service, escalation of privileges, information disclosure,
or data tampering. (CVE-2025-23283)
- NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could
cause a stack buffer overflow. A successful exploit of this vulnerability might lead to code execution,
denial of service, information disclosure, or data tampering. (CVE-2025-23284)
- NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where it allows a guest
to access global resources. A successful exploit of this vulnerability might lead to denial of
service. (CVE-2025-23285)
- NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global
GPU metrics which may be influenced by work in other VMs. A successful exploit of this vulnerability
might lead to information disclosure. (CVE-2025-23290)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://nvidia.custhelp.com/app/answers/detail/a_id/5670/~/security-bulletin%3A-nvidia-gpu-display-driver---july-2025
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3251f5e4");
script_set_attribute(attribute:"solution", value:
"Upgrade the NVIDIA vGPU Manager software in accordance with the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-23283");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/07/25");
script_set_attribute(attribute:"patch_publication_date", value:"2025/07/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:nvidia:virtual_gpu_manager");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("nvidia_vgpu_manager_installed.nbin");
script_require_keys("installed_sw/NVIDIA Virtual GPU Manager", "os_fingerprint.nasl");
exit(0);
}
include('vcf.inc');
var app_info = vcf::get_app_info(app:'NVIDIA Virtual GPU Manager');
var os = get_kb_item('Host/OS');
var constraints = [
{ 'min_version' : '535.0', 'fixed_version' : '535.247.02', 'fixed_display' : '16.11 (535.247.02)' },
{ 'min_version' : '570.0', 'fixed_version' : '570.158.02', 'fixed_display' : '18.4 (570.158.02)' }
];
if ('Azure Stack HCI' >< os)
{
constraints = [
{ 'min_version' : '539.28', 'fixed_version' : '573.55', 'fixed_display' : '18.4 (573.55)'}
];
}
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Jan 2026 00:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.17.8
EPSS0.00096
SSVC