Every piece of hardware and software we use can make us vulnerable. The more of these we use, the greater the potential for costly bugs.
Limiting software and hardware use to only the essentials would be the perfect solution. Imagine the good old days when people knew telephone numbers by memory.
Alas, today, companies suffer from the fear of missing out. They operate based on the pretense that they will surely lose to their rivals if they don’t make or use artificial intelligence.
Incredible sums of money are being spent on the development of ill-defined terms such as “artificial general intelligence” and “superintelligence.”
Most AI models are trained on Nvidia’s cards. The whole AI empire depends on Nvidia’s software and hardware safety. If dangerous-enough vulnerabilities affecting them are found by malicious hackers, they could wreak havoc on billions of dollars of investments.
Critical vulnerabilities discovered in Nvidia’s Triton inference server
Nvidia’s (NVDA) Triton Inference Server is an open-source platform for running AI models. The Wiz Research team found a series of critical vulnerabilities in the software.
“This poses a critical risk to organizations using Triton for AI/ML, as a successful attack could lead to the theft of valuable AI models, exposure of sensitive data, manipulating the AI model’s responses and a foothold for attackers to move deeper into a network,” wrote Ronen Shustin and Nir Ohfeld on Wiz’s blog.
The team disclosed these issues to Nvidia. The vulnerabilities have been assigned the identifiers CVE-2025-23319, CVE-2025-23320, and CVE-2025-23334, and a patch has been released.
Nvidia advised users of the software to upgrade both the Nvidia Triton Inference Server and the Python backend to version 25.07.
Hopefully most companies have already updated their systems. Unfortunately, servers often go years without critical updates.
A good example is the U.S. Cybersecurity and Infrastructure Security Agency’s announcement from July 7. The agency added four CVEs to its Known Exploited Vulnerabilities catalog, as it found evidence of active exploitation.
The vulnerabilities in question were CVE-2014-3931, CVE-2016-10033, CVE-2019-5418, and CVE-2019-9621. You were right if you guessed that they were about 11, 9, 6, and 6 years old, respectively.
As if a critical exploit in its software that could result in widespread abuse weren’t enough, Nvidia came under two other kinds of security scrutiny in the past month.
Rowhammer, China scrutiny strike Nvidia
On July 9, Nvidia released a security notice upon receiving new research on the industry-wide DRAM issue known as “Rowhammer.”
The research paper GPUHammer, published at USENIX Security 2025, demonstrated the first attack to produce Rowhammer bit flips in GPU memory, specifically in the GDDR6 memory of an Nvidia A6000 GPU.
This attack allows a malicious GPU user to vandalize another user’s data on the GPU in shared, time-sliced environments.
The researchers demonstrated a proof-of-concept attack using a single bit flip. The attack interfered with a target’s deep neural network models and degraded model accuracy from 80% to 0.1%.
The mitigation is to enable Error Correction Codes (ECC), but according to the researchers, ECC can introduce up to a 10% slowdown for machine learning inference workloads on an A6000 GPU.
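Because of that performance cost, ECC is a setting worth auditing rather than assuming. The following Python sketch is an added example, not code from Nvidia or the researchers: it parses `nvidia-smi` query output and reports, per GPU, whether ECC is active now. The status labels and the sample output are constructed for illustration.

```python
import csv
import io
import subprocess

QUERY = ["nvidia-smi",
         "--query-gpu=index,name,ecc.mode.current,ecc.mode.pending",
         "--format=csv,noheader"]

# Constructed sample of the query output (not captured from a real host).
SAMPLE = """\
0, NVIDIA RTX A6000, Disabled, Disabled
1, NVIDIA RTX A6000, Enabled, Enabled
2, NVIDIA RTX A6000, Disabled, Enabled
3, NVIDIA GeForce RTX 3080, [N/A], [N/A]
"""

def classify(current, pending):
    """Map one GPU's (current, pending) ECC modes to an audit status."""
    if current == "Enabled":
        # Pending mode takes effect after the next reboot.
        return "ok" if pending == "Enabled" else "will-disable"
    if current == "Disabled":
        # ECC may have been requested but is not protecting memory yet.
        return "needs-reboot" if pending == "Enabled" else "exposed"
    return "unsupported"  # e.g. "[N/A]": the GPU reports no ECC mode

def audit(text):
    """Return (index, name, status) for every GPU line in the query output."""
    rows = ([c.strip() for c in r] for r in csv.reader(io.StringIO(text)))
    return [(int(r[0]), r[1], classify(r[2], r[3])) for r in rows if len(r) == 4]

def main():
    try:
        text = subprocess.run(QUERY, capture_output=True, text=True,
                              check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        text = SAMPLE  # no GPU or driver on this host: use the constructed sample
    for idx, name, status in audit(text):
        print(f"GPU {idx} ({name}): {status}")

if __name__ == "__main__":
    main()
```

A GPU reported as `needs-reboot` has ECC configured but is still running without it, which is the state most easily missed after a change.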
Nvidia under China’s microscope
Nvidia faced scrutiny from the Cyberspace Administration of China at the end of July.
The country’s internet regulator expressed concern about the U.S. proposal to equip advanced chips sold abroad with tracking functions.
The company was called to a meeting on July 31 to explain whether its H20 AI chip had any backdoor security risks.
As Reuters reported, an Nvidia spokesperson said the company does not have “backdoors” in its chips that would allow anyone to remotely access or control them.
Let’s hope we don’t hear about new Nvidia security issues for a long time.