Multiple NVIDIA Vulnerabilities Allow Attackers to Escalate Privileges

NVIDIA has released a critical software update for the NVIDIA App to address newly discovered vulnerabilities that could allow local attackers to escalate privileges.

System administrators and end users running Windows 10 and 11 are strongly urged to download and install version 11.0.5.245 to protect against potential exploitation.

Overview

A recent security advisory details one high-severity vulnerability affecting the NVIDIA Installer for NvAPP on Windows platforms.

The flaw resides in the FrameviewSDK installation process, where a local attacker with limited privileges can modify files within the Frameview SDK directory.

Such malicious modifications can trigger unauthorized code execution with elevated rights, potentially compromising system integrity, confidentiality, and availability.

NVIDIA credits researchers Dong-uk Kim and JunYoung Park of KAIST Hacking Lab for reporting this issue through the NVIDIA Product Security Incident Response Team (PSIRT).

The prompt disclosure and coordination underscore NVIDIA’s commitment to proactive vulnerability management.

Vulnerability Details

  • CVE ID: CVE-2025-23297
  • Description: Local unprivileged attacker can modify Frameview SDK installation files, leading to potential privilege escalation.
  • CVSS v3.1 Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Base Score: 7.8
  • Severity: High
  • Impact: Escalation of privileges

Affected Products and Versions

This update addresses the vulnerability in all prior versions of NVIDIA App on Windows:

  • Affected Product: NVIDIA App
  • Platform: Windows 10/11
  • Affected Versions: All releases before 11.0.5.245
  • Updated Version: 11.0.5.245

Mitigation and Remediation

To safeguard systems against exploitation, administrators and users should:

  1. Visit the NVIDIA App download page.
  2. Download version 11.0.5.245 or later.
  3. Follow the installation prompts to complete the upgrade.
  4. Reboot the system if prompted.

Applying the update closes the FrameviewSDK installation loophole and restores proper file integrity checks.
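
To confirm the upgrade on a given host, the following PowerShell audit is an added example, not code from NVIDIA or from this article. It compares the installed version with 11.0.5.245 and lists write-type permissions held by low-privileged groups under the SDK directory. The install path is a placeholder because the article does not give one, and the uninstall entry name "NVIDIA App" and its parseable DisplayVersion are assumptions.

```powershell
# Added example (not NVIDIA's code): host audit for CVE-2025-23297 exposure.
param(
    # Placeholder: the article does not give the FrameView SDK install path.
    [string]$SdkPath = 'C:\PLACEHOLDER\FrameViewSDK',
    # Assumption: the uninstall registry entry is named "NVIDIA App".
    [string]$DisplayName = 'NVIDIA App'
)
$fixed = [version]'11.0.5.245'   # fixed release named in the article

# 1. Compare the installed version with the fixed release.
$hives = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
         'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$app = Get-ItemProperty -Path $hives -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -eq $DisplayName } | Select-Object -First 1
$ver = if ($app) { $app.DisplayVersion -as [version] }
if (-not $app) {
    "NOT FOUND: $DisplayName"
} elseif ($null -eq $ver) {
    "UNKNOWN: cannot parse version '$($app.DisplayVersion)'"
} elseif ($ver -lt $fixed) {
    "VULNERABLE: $ver is older than $fixed"
} else {
    "PATCHED: $ver"
}

# 2. List ACEs that let low-privileged principals change files under $SdkPath.
# SIDs: Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE
$lowPriv = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'
$write   = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$generic = 0x50000000   # GENERIC_WRITE | GENERIC_ALL, stored raw in some ACEs
$sidType = [System.Security.Principal.SecurityIdentifier]

if (-not (Test-Path -LiteralPath $SdkPath)) { "SKIPPED: $SdkPath does not exist"; return }
$items = @(Get-Item -LiteralPath $SdkPath -Force) +
         @(Get-ChildItem -LiteralPath $SdkPath -Recurse -Force -ErrorAction SilentlyContinue)
foreach ($item in $items) {
    $rules = (Get-Acl -LiteralPath $item.FullName).GetAccessRules($true, $true, $sidType)
    foreach ($r in $rules) {
        $rights = [int]$r.FileSystemRights
        if ($r.AccessControlType -eq 'Allow' -and
            $lowPriv -contains $r.IdentityReference.Value -and
            ($rights -band ([int]$write -bor $generic))) {
            [pscustomobject]@{ Path = $item.FullName; Sid = $r.IdentityReference.Value
                               Rights = $r.FileSystemRights; Inherited = $r.IsInherited }
        }
    }
}
```

No rows from step 2 means none of the four listed groups holds write-type rights on the scanned files; other principals are not evaluated.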

NVIDIA extends gratitude to Dong-uk Kim and JunYoung Park of KAIST Hacking Lab for responsibly disclosing CVE-2025-23297.

Their research and coordination facilitated a rapid response and update rollout.

For the latest NVIDIA security bulletins and advisories:

  • Subscribe to NVIDIA Product Security notifications.
  • Review current and past bulletins on the NVIDIA Product Security page.
  • Report any suspected security issues in NVIDIA products to PSIRT.
  • Learn about NVIDIA’s vulnerability management and incident response processes.

Keeping software up to date is the first line of defense against emerging threats.

Ensure that the NVIDIA App on your Windows systems is patched to the latest version to maintain optimal security and performance.

AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.