What is CVE-2025-23345?

CVE-2025-23345 is a medium-severity vulnerability in Nvidia Geforce, classified under Out-of-bounds Read. CVSS score: 4.4/10. Published 2025-10-23.

How severe is CVE-2025-23345?

Medium severity. CVSS v3 base score is 4.4 out of 10.

Out-of-bounds Read in Nvidia Geforce

CVE-2025-23345

NVIDIA Display Driver for Windows and Linux contains a vulnerability in a video decoder, where an attacker might cause an out-of-bounds read. A successful exploit of this vulnerability might lead to information disclosure or denial of serv…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (12.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L.

Affected products

Nvidia Geforce — versions All driver versions prior to 581.42, All driver versions prior to 580.95.05, All driver versions prior to 570.195.03
Nvidia Guest Driver — versions 580.82.07(All versions up to and including the August 2025 release), 570.172.08(All versions prior to and including vGPU 18.4), 535.261.03(All versions prior to and including vGPU 16.11)
Nvidia Rtx, Quadro, Nvs — versions All driver versions prior to 581.42, All driver versions prior to 573.76, All driver versions prior to 539.56
Nvidia Tesla — versions All driver versions prior to 581.42, All driver versions prior to 573.76, All driver versions prior to 539.56

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

Frequently asked questions

What is CVE-2025-23345?: CVE-2025-23345 is a medium-severity vulnerability in Nvidia Geforce, classified under Out-of-bounds Read. CVSS score: 4.4/10. Published 2025-10-23.
How severe is CVE-2025-23345?: Medium severity. CVSS v3 base score is 4.4 out of 10.