Nvidia Riva Vulnerabilities Expose AI Services to Security Risks

Nvidia has addressed security vulnerabilities in its Riva AI services, which were discovered by Trend Micro. These vulnerabilities, identified as CVE-2025-23242 and CVE-2025-23243, were found in Riva deployments across multiple organizations, potentially allowing unauthorized access and misuse of AI-powered inference services such as speech recognition and text-to-speech processing according to Trend Micro.

The vulnerabilities were primarily due to misconfigured API endpoints that lacked authentication, leaving them open to exploitation. This could result in unauthorized use of GPU resources and API keys, as well as increased risks of data leakage and denial-of-service attacks. Organizations using these services are advised to review their configurations and ensure they are running the latest version of the Riva framework.

Trend Micro recommends implementing secure API gateways, network segmentation, and strong authentication mechanisms to mitigate these risks. Additionally, keeping the Riva framework and its dependencies updated is crucial to protect against known vulnerabilities and potential exploits.