This could matter to AI everywhere: Wiz researchers focused their analysis on Triton’s Python backend, citing its popularity and central role in the system. While it handles models written in Python, it also serves as a dependency for several other backends, meaning models configured under different frameworks may still rely on it during parts of the inference process.

If exploited, the vulnerability chain could let an unauthenticated attacker remotely take control of Triton, potentially leading to stolen AI models, leaked sensitive data, tampered model outputs, and lateral movement within the victim’s network.

Nvidia has previously said its AI inference platform is used by more than 25,000 customers, including tech heavyweights like Microsoft, Capital One, Samsung Medison, Siemens Energy, and Snap. On Monday, the company published a security advisory detailing the flaws, with assigned CVEs (CVE-2025-23319, CVE-2025-23320, and CVE-2025-23334) and patches. Users are advised to upgrade both Nvidia Triton Inference Server and the Python backend to version 25.07 to completely mitigate the issue.

Model-serving infrastructures like Triton are becoming a critical attack surface as AI adoption scales. In October 2023, inference endpoints from major providers like Hugging Face and TorchServe faced issues that led to significant exposure risks.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4034219/nvidia-patches-critical-triton-server-bugs-that-threaten-ai-model-security.html

