NVIDIA has released critical security updates to fix two high-severity flaws in the Triton Inference Server that let attackers crash systems remotely.
Both flaws received a CVSS score of 7.5, indicating they are high-priority threats requiring immediate patching.
The first vulnerability (CVE-2025-33211) involves improper validation of a specified quantity in input. An attacker can exploit this flaw to cause a denial of service (DoS), effectively shutting down the Triton Inference Server.
The second vulnerability (CVE-2025-33201) stems from inadequate handling of unusual conditions, particularly when processing large payloads.
By sending large amounts of data, attackers can trigger a DoS attack without requiring special access.
| CVE ID | Description | CVSS Score | CWE | Impact |
|---|---|---|---|---|
| CVE-2025-33211 | Improper validation of specified quantity in input | 7.5 | CWE-1284 | Denial of Service |
| CVE-2025-33201 | Improper check for unusual or exceptional conditions with extra large payloads | 7.5 | CWE-754 | Denial of Service |
Both vulnerabilities require minimal effort from attackers, according to the CVSS vector ratings (AV:N/AC:L/PR:N/UI:N/S:U).
They are remotely exploitable, have low attack complexity, and require no prior authentication or user interaction.
This makes them particularly dangerous for organizations running Triton Inference Server in production environments. The vulnerabilities affect all Linux versions of Triton Inference Server before r25.10.
Organizations relying on Triton for machine learning inference operations should treat these flaws as critical security risks. The attack surface extends to any publicly accessible Triton deployment without proper network segmentation.
NVIDIA strongly recommends immediate patching by upgrading to Triton Inference Server version r25.10 or later. This update has been available on the official GitHub Releases page since December 2, 2025.
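To triage a fleet against the r25.10 cutoff, the following added example (not NVIDIA's code) classifies container image references by the release number in their tag. It assumes images carry release-style tags such as `25.09-py3`; the registry hostnames and inventory entries are constructed for illustration.

```python
import re

FIXED = (25, 10)  # first fixed release per the advisory: r25.10

# Assumed tag convention: "YY.MM" plus an optional variant suffix ("25.09-py3", "r25.08").
_TAG_RE = re.compile(r"^r?(\d{2})\.(\d{2})(?:[.-].*)?$")

def triton_release(image_ref):
    """Return (year, month) parsed from the image tag, or None if it cannot be determined."""
    ref = image_ref.strip()
    if "@" in ref:                 # digest-pinned: no release number to read
        return None
    _name, sep, tag = ref.rpartition(":")
    if not sep or "/" in tag:      # untagged, or the colon belonged to a registry port
        return None
    m = _TAG_RE.match(tag)
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(image_ref):
    """'vulnerable' if older than r25.10, 'patched' if r25.10 or later, else 'unknown'."""
    rel = triton_release(image_ref)
    if rel is None:
        return "unknown"
    return "vulnerable" if rel < FIXED else "patched"

def audit(image_refs):
    """Group an inventory of image references by status."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for ref in image_refs:
        report[classify(ref)].append(ref)
    return report

# Constructed sample inventory, not taken from any real environment.
SAMPLE_INVENTORY = [
    "nvcr.io/nvidia/tritonserver:25.09-py3",
    "nvcr.io/nvidia/tritonserver:25.10-py3",
    "registry.example.internal:5000/ml/tritonserver:24.12-py3",
    "nvcr.io/nvidia/tritonserver:latest",
    "registry.example.internal:5000/ml/tritonserver",
]

if __name__ == "__main__":
    for status, refs in audit(SAMPLE_INVENTORY).items():
        for ref in refs:
            print(f"{status:10s} {ref}")
```

Entries reported as `unknown` (floating tags, digest pins, untagged references) need their release confirmed on the host before they can be considered patched.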
Beyond patching, organizations should review NVIDIA’s Secure Deployment Considerations Guide to implement additional security measures.
Additionally, administrators should assess network access controls and ensure Triton deployments are not directly exposed to untrusted networks.
Stronger controls such as authentication and rate limiting improve security, while researchers report flaws responsibly through safe disclosure.
NVIDIA maintains a comprehensive security program through its Product Security Incident Response Team (PSIRT).
Administrators with questions should contact NVIDIA Support directly or visit their official security portal for additional guidance.
