CVE-2025-23352 is a vulnerability identified in NVIDIAโs vGPU software, specifically in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. If exploited successfully, it can lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Affected versions include all releases prior to and including version 19.1, 18.4 and 16.11 of vGPU, as well as the August 2025 update. To mitigate the risk, users should update to the patched versions.
The vulnerability is categorized under CWE-824 Access of Uninitialized Pointer.
See more details on: