NVIDIA has issued a bulletin addressing multiple vulnerabilities across the NVIDIA App for Windows and the Delegated License Service (DLS) component of the NVIDIA License System. The flaws range from privilege escalation to denial of service and information disclosure, underscoring the risks to both end users and enterprise deployments.
CVE-2025-23297: Privilege Escalation in NVIDIA App
The most notable issue affects the NVIDIA App installer on Windows platforms. According to the bulletin, “NVIDIA Installer for NvAPP for Windows contains a vulnerability in the FrameviewSDK installation process, where an attacker with local unprivileged access could modify files in the Frameview SDK directory. A successful exploit of this vulnerability might lead to escalation of privileges.”
This vulnerability is rated 7.8 and affects all versions prior to 11.0.5.245. Users should update to NVIDIA App version 11.0.5.245 to mitigate the risk.
CVE-2025-23293: Unauthenticated Access in NVIDIA DLS
A far more severe vulnerability lies in the NVIDIA Delegated License Service (DLS). The bulletin warns: “NVIDIA DLS for all appliance platforms contains a vulnerability where an unauthenticated user can access sensitive information, which could cause commands to be run on the system. A successful exploit of this vulnerability might lead to denial of service.”
With a CVSS base score of 8.7, this vulnerability represents a serious risk in enterprise environments where NVIDIA’s license system is deployed for managing GPU resources.
CVE-2025-23292: SQL Injection in DLS
Another issue, CVE-2025-23292, involves a SQL injection vulnerability in the DLS. NVIDIA explains that “an attacker could cause an unauthorized action. A successful exploit of this vulnerability might lead to partial denial of service.”
This vulnerability carries a CVSS score of 4.6, making it a moderate risk, but still significant in high-value enterprise contexts.
CVE-2025-23291: Information Disclosure
The third DLS-related flaw, CVE-2025-23291, is an information disclosure vulnerability. As stated in the advisory: “NVIDIA DLS for all appliance platforms contains a vulnerability where an attacker could cause an unauthorized action. A successful exploit of this vulnerability might lead to information disclosure.”
With a CVSS score of 2.4, this issue is less critical, but still requires patching as part of defense-in-depth.
Fixed Versions and Upgrade Guidance
NVIDIA has released patched versions addressing all of the above vulnerabilities:
- NVIDIA App (Windows 10/11): Upgrade to v11.0.5.245 or later.
- NVIDIA DLS (all appliance platforms): Upgrade to v3.5.1 or v3.1.7, depending on the deployment.
Administrators are advised to follow the migration guidance in the NVIDIA License System User Guide to streamline the upgrade process.