“`html
NVIDIA has resolved a significant flaw in its Application for Windows that could permit local attackers to execute arbitrary code and elevate privileges on impacted systems.
Designated as CVE-2025-23358, the vulnerability is found in the installation component. It presents a considerable security threat to Windows users operating the application.
The flaw arises due to an issue concerning a search path element within the NVIDIA App installer, categorized under CWE-427.
An attacker with local access and limited privileges can take advantage of this vulnerability by altering the search path to introduce harmful code.
Vulnerability Details and Technical Impact
This vulnerability necessitates user engagement to activate, however successful exploitation enables complete code execution and allows for privilege escalation throughout the entire system.
CVE-2025-23358 has a CVSS v3.1 base score of 8.2, indicating a High severity classification.
The method of attack is strictly local, implying that an assailant must possess physical or logical access to the target device.
Nevertheless, the simple attack complexity, coupled with the potential for privilege escalation, renders this vulnerability particularly perilous in environments with multiple users and in corporate settings.
NVIDIA App for Windows editions preceding 11.0.5.260 are susceptible to this attack. Users operating any version prior to this patch release remain vulnerable to possible exploitation.
The company advises that all impacted users should promptly download and install version 11.0.5.260 or newer from the official NVIDIA App website to alleviate the threat.
| CVE ID | Affected Product | Severity | CVSS Score |
|---|---|---|---|
| CVE-2025-23358 | NVIDIA App for Windows (all versions prior to 11.0.5.260) | High | 8.2 |
This vulnerability highlights the necessity of maintaining up-to-date third-party software, even for auxiliary applications such as NVIDIA’s utility software.
Attackers often focus on installer components because they tend to execute with elevated privileges during installation.
To safeguard your system, retrieve the latest NVIDIA App version from the official NVIDIA App site. The patch directly resolves the search path handling issue and removes the code execution vulnerability.
Organizations managing numerous NVIDIA-enabled workstations should prioritize the deployment of this update across their infrastructure.
Security teams ought to audit their software inventory to identify systems running previous NVIDIA App versions and orchestrate swift patching efforts.
“`