NVIDIA has patched a essential vulnerability in its App for Home windows that would permit native attackers to execute arbitrary code and escalate privileges on affected techniques.
Tracked as CVE-2025-23358, the flaw exists within the installer part. It poses a major safety danger to Home windows customers operating the appliance.
The vulnerability stems from a search path ingredient difficulty inside the NVIDIA App installer, categorized beneath CWE-427.
An attacker with native entry and low privileges can exploit this flaw by manipulating the search path to inject malicious code.
Vulnerability Particulars and Technical Impression
The vulnerability requires consumer interplay to set off, however profitable exploitation grants full code execution and permits privilege escalation throughout the complete system.
CVE-2025-23358 with a CVSS v3.1 base rating of 8.2, the vulnerability carries a Excessive severity ranking.
The assault vector is only native, which means an attacker should have bodily or logical entry to the goal machine.
Nonetheless, the low assault complexity, mixed with the power to escalate privileges, makes this flaw significantly harmful in multi-user environments and company settings.
NVIDIA App for Home windows variations earlier than 11.0.5.260 are weak to this assault. Customers operating any model earlier than this patch launch stay uncovered to potential exploitation.
The corporate recommends that every one affected customers instantly obtain and set up model 11.0.5.260 or later from the official NVIDIA App web site to mitigate the danger.
CVE IDAffected ProductSeverityCVSS ScoreCVE-2025-23358NVIDIA App for Home windows (all variations previous to 11.0.5.260)High8.2
This vulnerability underscores the significance of preserving third-party software program updated, even for supplementary purposes like NVIDIA’s utility software program.
Attackers ceaselessly goal installer parts as a result of they typically run with elevated privileges throughout set up.
To guard your system, obtain the newest NVIDIA App model from the official NVIDIA App website. The patch straight addresses the search path dealing with difficulty and eliminates the code execution vector.
Organizations managing a number of NVIDIA-equipped workstations ought to prioritize deploying this replace throughout their infrastructure.
Safety groups ought to confirm their software program stock to establish techniques operating older NVIDIA App variations and coordinate fast patching efforts.
Observe us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to function your tales.
