Tracked as CVE-2025-23358, the flaw exists in the installer component. It poses a significant security risk to Windows users running the application.
The vulnerability stems from a search path element issue within the NVIDIA App installer, classified under CWE-427.
An attacker with local access and low privileges can exploit this flaw by manipulating the search path to inject malicious code.
The vulnerability requires user interaction to trigger, but successful exploitation grants complete code execution and allows privilege escalation across the entire system.
CVE-2025-23358 with a CVSS v3.1 base score of 8.2, the vulnerability carries a High severity rating.
The attack vector is purely local, meaning an attacker must have physical or logical access to the target machine.
However, the low attack complexity, combined with the ability to escalate privileges, makes this flaw particularly dangerous in multi-user environments and corporate settings.
NVIDIA App for Windows versions before 11.0.5.260 are vulnerable to this attack. Users running any version before this patch release remain exposed to potential exploitation.
The company recommends that all affected users immediately download and install version 11.0.5.260 or later from the official NVIDIA App website to mitigate the risk.
| CVE ID | Affected Product | Severity | CVSS Score |
|---|---|---|---|
| CVE-2025-23358 | NVIDIA App for Windows (all versions prior to 11.0.5.260) | High | 8.2 |
This vulnerability underscores the importance of keeping third-party software up to date, even for supplementary applications like NVIDIA’s utility software.
Attackers frequently target installer components because they often run with elevated privileges during installation.
To protect your system, download the latest NVIDIA App version from the official NVIDIA App site. The patch directly addresses the search path handling issue and eliminates the code execution vector.
Organizations managing multiple NVIDIA-equipped workstations should prioritize deploying this update across their infrastructure.
Security teams should verify their software inventory to identify systems running older NVIDIA App versions and coordinate rapid patching efforts.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post NVIDIA NVApp for Windows Vulnerability Let Attackers Execute Malicious Code appeared first on Cyber Security News.
The Winnebago County Coroner's Office has identified a man who was found in a wooded…
The second Bucks County Punk Rock Flea Market will be held Saturday to celebrate and…
Popeyes and One Piece have collaborated on a special menu and range of collectibles that…
WEST LAFAYETTE, Ind. (WOWO) — A graduate of Purdue University stepped into an important role…
INDIANAPOLIS, Ind. (WOWO) — The 110th Indianapolis 500 is getting close, and you can already…
Elmer, a street vendor from Honduras, said he saw three immigrants arrested by federal agents…
This website uses cookies.