CVE-2025-23339

LOW

NVIDIA CUDA Toolkit < 13.0.0 - Stack-based Buffer Overflow via Malicious ELF File in cuobjdump

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-23339. PoCs published by SpiralBL0CK.

AI-analyzed exploit summary This repository contains a working exploit for CVE-2025-23339, leveraging a one-gadget ROP chain to achieve remote code execution. The exploit constructs a malicious CUDA binary (cubin) file to trigger the vulnerability.

Description

NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running cuobjdump.

Exploits (1)

nomisec WORKING POC
by SpiralBL0CK · poc
https://github.com/SpiralBL0CK/ce-for-CVE-2025-23339

This repository contains a working exploit for CVE-2025-23339, leveraging a one-gadget ROP chain to achieve remote code execution. The exploit constructs a malicious CUDA binary (cubin) file to trigger the vulnerability.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Unknown (CUDA-related software, likely NVIDIA driver or GPU toolkit)
No auth needed
Prerequisites: Target system with vulnerable CUDA software · Ability to deliver malicious cubin file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 3.3
EPSS 0.0030
EPSS Percentile 21.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-121
Status published
Products (1)
nvidia/cuda_toolkit < 13.0.0
Published Sep 24, 2025
Tracked Since Feb 18, 2026