{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-23295", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2025-01-14T01:06:26.349Z", "datePublished": "2025-08-13T17:19:54.303Z", "dateUpdated": "2025-08-15T03:55:53.489Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["All"], "product": "NVIDIA Apex", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All versions before release 25.07"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": true, "type": "text/html", "value": "NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering."}], "value": "NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Code execution, escalation of privileges, information disclosure and data tampering"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2025-08-13T17:19:54.303Z"}, "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23295"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-23295"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5680"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "NVIDIA PSIRT"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-14T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-23295"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-15T03:55:53.489Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-23295", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-13T18:11:25.969707Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-13T18:11:35.629Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Code execution, escalation of privileges, information disclosure and data tampering"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "NVIDIA Apex", "versions": [{"status": "affected", "version": "All versions before release 25.07"}], "platforms": ["All"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23295"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-23295"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5680"}], "x_generator": {"engine": "NVIDIA PSIRT"}, "descriptions": [{"lang": "en", "value": "NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.", "base64": true}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2025-08-13T17:19:54.303Z"}}}, "cveMetadata": {"cveId": "CVE-2025-23295", "state": "PUBLISHED", "dateUpdated": "2025-08-15T03:55:53.489Z", "dateReserved": "2025-01-14T01:06:26.349Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2025-08-13T17:19:54.303Z", "assignerShortName": "nvidia"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:apex:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CEE4A0F-9689-4DD0-BE9C-D11E703ABF6E", "versionEndIncluding": "25.07", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering."}, {"lang": "es", "value": "NVIDIA Apex para todas las plataformas contiene una vulnerabilidad en un componente de Python que permite a un atacante causar un problema de inyecci\u00f3n de c\u00f3digo al proporcionar un archivo malicioso. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo, la escalada de privilegios, la divulgaci\u00f3n de informaci\u00f3n y la manipulaci\u00f3n de datos."}], "id": "CVE-2025-23295", "lastModified": "2025-10-22T18:35:01.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2025-08-13T18:15:29.253", "references": [{"source": "psirt@nvidia.com", "tags": ["Technical Description"], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23295"}, {"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5680"}, {"source": "psirt@nvidia.com", "tags": ["Technical Description"], "url": "https://www.cve.org/CVERecord?id=CVE-2025-23295"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "psirt@nvidia.com", "type": "Primary"}]}

{}