Scan free
HIGHCVE-2025-23343CVSS 7.6

CVE-2025-23343: Information Disclosure in NVIDIA NVDebug Tool

Platform

other

Component

nvdebug-tool

Fixed in

1.7.1

AI Confidence: highNVDEPSS 0.1%Reviewed: May 2026
View on NVD
Save

CVE-2025-23343 describes an Information Disclosure vulnerability discovered in the NVIDIA NVDebug tool. This flaw allows an attacker to write files to restricted components within the tool, potentially compromising system integrity. The vulnerability impacts all versions of NVDebug prior to 1.7.0, and a patch is available from NVIDIA.

Impact and Attack Scenarios

Successful exploitation of CVE-2025-23343 could allow an attacker to gain unauthorized access to sensitive information stored within the NVDebug tool's restricted areas. This could include configuration files, debugging symbols, or even proprietary code. The ability to write files also opens the door to denial-of-service attacks by overwriting critical system files or corrupting the tool's data. Furthermore, data tampering becomes a possibility, enabling attackers to modify the tool's behavior or inject malicious code. While the direct impact is limited to systems running NVDebug, the potential for information disclosure and system disruption warrants immediate attention.

Exploitation Context

CVE-2025-23343 was publicly disclosed on 2025-09-09. There is currently no indication of active exploitation or a public proof-of-concept. The vulnerability is not listed on the CISA KEV catalog at the time of writing. The potential for exploitation exists, particularly given the ability to write files to restricted components, but the lack of public exploits suggests a low to medium probability of near-term exploitation.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown
CISA KEVNO
Internet ExposureMedium

EPSS

0.07% (20% percentile)

CISA SSVC

Exploitationnone
Automatableno
Technical Impacttotal

CVSS Vector

THREAT INTELLIGENCE· CVSS 3.1CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H7.6HIGHAttack VectorAdjacentHow the attacker reaches the targetAttack ComplexityHighConditions required to exploitPrivileges RequiredLowAuthentication level needed to attackUser InteractionRequiredWhether a victim must take actionScopeChangedImpact beyond the vulnerable componentConfidentialityHighRisk of sensitive data exposureIntegrityHighRisk of unauthorized data modificationAvailabilityHighRisk of service disruptionnextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Adjacent — requires network proximity: same LAN, Bluetooth, or local wireless segment. Not internet-exposed.
Attack Complexity
High — requires a race condition, non-default configuration, or specific circumstances. Harder to exploit reliably.
Privileges Required
Low — any valid user account is sufficient. Basic authenticated access required.
User Interaction
Required — victim must take an action: open a file, click a link, or visit a crafted page.
Scope
Changed — successful attack can pivot beyond the vulnerable component to other systems or the host OS.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
High — attacker can write, modify, or delete any data: databases, config files, or code.
Availability
High — complete crash or resource exhaustion. Full denial of service.

Affected Software

Componentnvdebug-tool
VendorNVIDIA
Affected rangeFixed in
All versions prior to 1.7.0 – All versions prior to 1.7.01.7.1

Weakness Classification (CWE)

CWE-22

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2025-23343 is to upgrade to NVIDIA NVDebug tool version 1.7.0 or later, which contains the fix. If upgrading is not immediately feasible, consider implementing strict file system permissions to restrict write access to the NVDebug tool's directories. Monitoring system logs for unusual file creation or modification attempts within the NVDebug tool's installation directory can also help detect potential exploitation. After upgrading, verify the fix by attempting to write a test file to a restricted directory; the operation should fail with an access denied error.

How to fix

Actualice la herramienta NVIDIA NVDebug a la versión 1.7.0 o posterior. Esto solucionará la vulnerabilidad que permite la escritura de archivos en componentes restringidos.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2025-23343 — Information Disclosure in NVIDIA NVDebug Tool?

CVE-2025-23343 is a vulnerability in the NVIDIA NVDebug tool that allows an attacker to write files to restricted components, potentially leading to information disclosure, denial of service, and data tampering. It has a CVSS score of 7.6 (HIGH).

Am I affected by CVE-2025-23343 in NVIDIA NVDebug Tool?

You are affected if you are using NVIDIA NVDebug tool versions prior to 1.7.0. All versions before 1.7.0 are vulnerable to this information disclosure flaw.

How do I fix CVE-2025-23343 in NVIDIA NVDebug Tool?

Upgrade to NVIDIA NVDebug tool version 1.7.0 or later to resolve the vulnerability. As a temporary measure, restrict write access to the tool's directories.

Is CVE-2025-23343 being actively exploited?

There is currently no indication of active exploitation or a public proof-of-concept for CVE-2025-23343.

Where can I find the official NVIDIA advisory for CVE-2025-23343?

Refer to the NVIDIA security bulletin for CVE-2025-23343 on the NVIDIA website for detailed information and updates.

Is your project affected?

Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.

Scan freeSearch CVEs