Technology company NVIDIA released a software update on Saturday to patch vulnerabilities in its Triton server, which is used by customers for AI models.
These vulnerabilities are referred to as "critical vulnerabilities" by cybersecurity firm Wiz, and if not patched, could lead to the takeover of AI models, data theft, and manipulated responses.
Nir Ohfeld, head of vulnerability research at Wiz, stated: "Wiz's research discovered a series of vulnerability combinations that unauthorized attackers could use to gain complete control over AI servers."
He added: "The attack began with a small error that led to the server leaking some confidential internal data, which the attackers then used to gain control over private system components. This initial foothold was sufficient for them to elevate their privileges and take over the server completely."
Triton is an open-source inference software designed by NVIDIA to optimize AI models.
Although the customer base for Triton is still unclear, well-known companies such as Microsoft, Amazon, Oracle, Siemens, and American Express have been cited as users. According to a 2021 press release, over 25,000 companies use NVIDIA's AI solutions.
A NVIDIA spokesperson declined to comment, referring only to the company's security announcement. The disclosed vulnerabilities have been designated as CVE-2025-23319, CVE-2025-23320, and CVE-2025-23334.
Ohfeld pointed out: "The most important step is to update to the patched version of the Nvidia Triton inference server (25.07 or newer), which directly addresses the entire vulnerability chain."
He added that there is currently no evidence that these vulnerabilities have been exploited in the wild. However, NVIDIA Triton is a very popular and widely used AI working platform.
Security vulnerabilities hinder emerging technologies
In 2025, security vulnerabilities hindered emerging technologies, including cryptocurrency, leading to the theft of billions of dollars in digital assets.
According to blockchain security audit firm Hacken, access vulnerabilities and smart contract flaws resulted in cryptocurrency losses of $3.1 billion in the first half of 2025, surpassing the total losses of 2024.
Meanwhile, some experts indicate that AI agents and quantum computing may pose new cyber threats.