Introduction
Attackers with local access to GeForce RTX systems running NVIDIA Project G-Assist can leverage a permissions misconfiguration to escalate privileges and potentially execute arbitrary code. This vulnerability, tracked as CVE-2025-23347, impacts a wide range of consumer and enterprise deployments where G-Assist is enabled, making it a significant concern for organizations and individuals relying on NVIDIA's AI assistant technology.
About NVIDIA and Project G-Assist: NVIDIA is a dominant force in the GPU and AI hardware market, powering gaming, professional visualization, and data center workloads globally. Project G-Assist is NVIDIA's on-device AI assistant for RTX PCs, designed to optimize system performance and provide voice or text-based control over hardware and software settings. With millions of GeForce RTX systems in use, vulnerabilities in G-Assist have broad implications for both security and operational integrity.
Technical Information
CVE-2025-23347 arises from incorrect default permissions (CWE-276) set on files or directories during the installation of NVIDIA Project G-Assist components. The installation process creates or configures certain files and directories with permissions that are too permissive, allowing low-privileged local users to write to locations that should be restricted to administrative or system accounts. This misconfiguration enables attackers with local access to:
- Modify or replace G-Assist component files
- Escalate privileges by executing malicious code with elevated permissions
- Tamper with configuration or operational data
- Potentially cause denial of service or information disclosure
The vulnerability requires local access and user interaction, reflecting a CVSS vector of AV:L/AC:L/PR:L/UI:R. Attackers must have a low-privilege account on a system where G-Assist is installed and enabled via the NVIDIA App. The issue affects both Windows (Windows 10 and 11) and supported Linux distributions, depending on the installed NVIDIA GPU Display Driver version.
Root cause: During installation, certain directories or files are created with permissions that allow regular users to write or modify them. This violates the principle of least privilege and exposes critical components to tampering. The vulnerable permissions could be on configuration files, caches, plugins, or driver components associated with G-Assist.
No public code snippets or exploit scripts are available as of this writing.
Affected Systems and Versions
- NVIDIA Project G-Assist enabled via NVIDIA App
- GeForce RTX 30, 40, and 50 series desktop GPUs (12GB+ VRAM)
- GeForce RTX laptop GPUs (6GB+ VRAM)
- Windows 10 and Windows 11
- Supported Linux distributions
- NVIDIA GPU Display Driver versions:
- R580 branch: versions before 581.42 (Windows), before 580.95.05 (Linux)
- R570 branch: versions before 573.76 (Windows), before 570.195.03 (Linux)
- R535 branch: versions before 539.56 (Windows), before 535.274.02 (Linux)
Systems with Project G-Assist installed and enabled, running any of the above vulnerable driver versions, are affected.
Vendor Security History
NVIDIA maintains a formal Product Security Incident Response Team (PSIRT) and regularly publishes security bulletins. The October 2025 bulletin disclosed multiple vulnerabilities, including CVE-2025-23347 and others such as CVE-2025-23309 (DLL loading path issue) and CVE-2025-23280 (use-after-free in Linux drivers). NVIDIA typically releases patches promptly and distributes advisories in multiple formats. The presence of several related privilege escalation and code execution vulnerabilities in this cycle suggests ongoing improvements in NVIDIA's vulnerability management and disclosure processes.
