Nvidia has released an urgent software patch for its Triton Inference Server following the discovery of multiple critical vulnerabilities that could allow attackers to hijack AI models, steal sensitive data, and manipulate AI-generated outputs.
The security flaws, revealed Saturday and classified as “critical” by cybersecurity firm Wiz, affect one of Nvidia’s core software tools used by over 25,000 organizations, including tech giants like Microsoft, Amazon, Oracle, Siemens, and American Express.
Wiz head of vulnerability research Nir Ohfeld described the exploit chain as severe. “An attacker with no prior access could gain full control of a Triton AI server,” Ohfeld told Cointelegraph. “It begins with a minor bug that leaks internal data, which can then be used to gain unauthorized control of a private system component—ultimately enabling complete server takeover.”
The vulnerabilities—tracked under CVE-2025-23319, CVE-2025-23320, and CVE-2025-23334—have not yet been exploited in the wild, according to Wiz. Still, the firm stresses immediate action. “The single most important step is to upgrade to Triton version 25.07 or newer,” Ohfeld said, confirming that the update fully mitigates the issue.
Nvidia has declined to comment beyond its official security bulletin, but the company’s swift patch rollout underscores the rising cybersecurity pressure in the AI infrastructure space.
AI infrastructure is becoming an increasingly lucrative target for threat actors. In 2025 alone, digital systems—from crypto networks to AI inference engines—have suffered significant breaches. According to blockchain security auditor Hacken, over $3.1 billion in crypto was stolen via exploits in the first half of the year, surpassing total losses in all of 2024.
Experts warn that emerging technologies like AI agents and quantum computing could fuel the next wave of cyber threats, putting even more pressure on companies like Nvidia to preemptively secure their systems.
As AI adoption continues to soar, the Triton vulnerabilities highlight a growing concern: the tools powering intelligent systems may also be their weakest link if not properly secured.