NVIDIA has released a critical software update for the NVIDIA App to address newly discovered vulnerabilities that could allow local attackers to escalate privileges.
System administrators and end users running Windows 10 and 11 are strongly urged to download and install version 11.0.5.245 to protect against potential exploitation.
Overview
A recent security advisory details one high-severity vulnerability affecting the NVIDIA Installer for NvAPP on Windows platforms.
The flaw resides in the FrameviewSDK installation process, where a local attacker with limited privileges can modify files within the Frameview SDK directory.
Such malicious modifications can trigger unauthorized code execution with elevated rights, potentially compromising system integrity, confidentiality, and availability.
NVIDIA credits researchers Dong-uk Kim and JunYoung Park of KAIST Hacking Lab for reporting this issue through the NVIDIA Product Security Incident Response Team (PSIRT).
The prompt disclosure and coordination underscore NVIDIA’s commitment to proactive vulnerability management.
Vulnerability Details
| CVE ID | Description | CVSS v3.1 Vector | Base Score | Severity | Impact |
|---|---|---|---|---|---|
| CVE-2025-23297 | Local unprivileged attacker can modify Frameview SDK installation files, leading to potential privilege escalation. | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | High | Escalation of privileges |
Affected Products and Versions
This update addresses the vulnerability in all prior versions of NVIDIA App on Windows:
- Affected Product: NVIDIA App
- Platform: Windows 10/11
- Affected Versions: All releases before 11.0.5.245
- Updated Version: 11.0.5.245
Mitigation and Remediation
To safeguard systems against exploitation, administrators and users should:
- Visit the NVIDIA App download page.
- Download version 11.0.5.245 or later.
- Follow the installation prompts to complete the upgrade.
- Reboot the system if prompted.
Applying the update closes the FrameviewSDK installation loophole and restores proper file integrity checks.
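To confirm a host is no longer exposed, the following PowerShell audit reports whether the installed NVIDIA App predates 11.0.5.245 and whether a Frameview SDK directory grants write-type rights to non-administrative accounts. It is an added example, not code from NVIDIA or the advisory. The directory path is a placeholder (the advisory does not name it), and the "NVIDIA App" display name in the standard Windows uninstall registry keys is an assumption.

```powershell
param(
    # ASSUMPTION: placeholder path; the advisory does not name the directory.
    [string]$FrameViewDir = 'C:\PLACEHOLDER\FrameViewSDK',
    # ASSUMPTION: name under which the product registers in the uninstall keys.
    [string]$DisplayName = 'NVIDIA App'
)

$FixedVersion = [version]'11.0.5.245'   # first fixed release, per the advisory
# SYSTEM, Administrators, TrustedInstaller, CREATOR OWNER (SIDs avoid localized names).
$TrustedSids = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

function Test-VersionAffected([string]$Installed) {
    # True when the installed version predates the fixed release.
    return ([version]$Installed) -lt $FixedVersion
}

function Get-RiskyAce([string]$Path) {
    # Allow ACEs that let a principal outside $TrustedSids alter directory contents.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rights  = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # Add GENERIC_WRITE and GENERIC_ALL, which appear raw in inherit-only ACEs.
    $mask    = [int]$rights -bor 0x40000000 -bor 0x10000000
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.FileSystemRights -band $mask) -and
        ($TrustedSids -notcontains $_.IdentityReference.Value)
    }
}

# 1. Version inventory from the 64-bit and 32-bit uninstall keys.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -eq $DisplayName -and $_.DisplayVersion } |
    ForEach-Object {
        [pscustomobject]@{
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Affected = Test-VersionAffected $_.DisplayVersion
        }
    }

# 2. ACL audit of the SDK directory, if present on this host.
if (Test-Path -LiteralPath $FrameViewDir) {
    Get-RiskyAce $FrameViewDir | Select-Object IdentityReference, FileSystemRights, IsInherited
}
```

Any row returned by the ACL audit identifies an account, by SID, that can alter files in the directory without administrative rights.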
NVIDIA extends gratitude to Dong-uk Kim and JunYoung Park of KAIST Hacking Lab for responsibly disclosing CVE-2025-23297.
Their research and coordination facilitated a rapid response and update rollout.
For the latest NVIDIA security bulletins and advisories:
- Subscribe to NVIDIA Product Security notifications.
- Review current and past bulletins on the NVIDIA Product Security page.
- Report any suspected security issues in NVIDIA products to PSIRT.
- Learn about NVIDIA’s vulnerability management and incident response processes.
Keeping software up to date is the first line of defense against emerging threats.
Ensure that the NVIDIA App on your Windows systems is patched to the latest version to maintain optimal security and performance.