Introduction
Attackers can use the NVIDIA Installer for Windows to gain administrator privileges, execute arbitrary code, or tamper with system data if systems are not patched. This vulnerability impacts a wide range of NVIDIA GPU drivers and is relevant for any organization or user running NVIDIA hardware on Windows.
NVIDIA is a global leader in graphics processing technology, with products powering gaming, professional visualization, AI, and data center workloads. The company's drivers are deployed on millions of systems worldwide, making vulnerabilities in this ecosystem highly significant for both enterprise and consumer environments.
Technical Information
CVE-2025-23276 is a privilege escalation vulnerability in the NVIDIA Installer for Windows. The root cause is improper access control over files or directories during installation or update, classified as CWE-552 (Files or Directories Accessible to External Parties). When the installer is executed, it creates or modifies files and directories with permissions that are too broad. A local attacker can exploit this by placing malicious files or manipulating installer-created resources while the process runs with elevated privileges. This can lead to privilege escalation, arbitrary code execution, information disclosure, data tampering, or denial of service. The vulnerability is only exploitable locally and does not allow remote code execution by itself. No public code or exploit samples are available for this issue.
Patch Information
NVIDIA has addressed CVE-2025-23276 in their July 2025 security update. The following fixed versions are available:
- R575 driver series: Update to 577.00 or later
- R570 driver series: Update to 573.48 or later
- R535 driver series: Update to 539.41 or later
- vGPU software: Update to vGPU 18.4 (573.48) or 16.11 (539.41) or later
All users and administrators should upgrade to these versions or newer. Updates are available via the NVIDIA Security Bulletin and official driver download portals. For further details and a list of all vulnerabilities addressed in this update, see SecurityOnline.info.
Affected Systems and Versions
- NVIDIA GPU Display Driver for Windows (GeForce, Quadro, NVS, Tesla):
- R575: All versions before 577.00
- R570: All versions before 573.48
- R535: All versions before 539.41
- NVIDIA vGPU Software:
- All versions prior to 18.4 (573.48) and 16.11 (539.41) across Windows, Linux, Citrix, VMware, and Azure Stack HCI
Systems running any of the above versions are vulnerable if the NVIDIA Installer for Windows is used.
Vendor Security History
NVIDIA regularly discloses and patches vulnerabilities in their GPU drivers and vGPU software. Recent years have seen privilege escalation flaws, container escape vulnerabilities (such as CVE-2025-23266 "NVIDIAScape"), and improper access control issues. The company typically releases coordinated security bulletins addressing multiple issues at once, reflecting a mature vulnerability management process but also the complexity of their driver ecosystem.