NVIDIA NVApp for Windows Vulnerability Allows Malicious Code to Be Executed by Attackers
NVIDIA has fixed a serious flaw in its Windows app that allowed local attackers to run arbitrary code and gain more rights on impacted devices.
The bug is in the installer component and is tracked as CVE-2025-23358. For Windows users running the program, it presents a serious security risk.
The vulnerability stems from a search path element problem in the NVIDIA App installer, categorized under CWE-427 (Uncontrolled Search Path Element).
By altering the search path to insert malicious code, an attacker with low privileges and local access can take advantage of this vulnerability.

Vulnerability Details and Technical Impact
Although exploitation requires user interaction, a successful attack allows full code execution and system-wide privilege escalation.
CVE-2025-23358 has a high severity rating with a CVSS v3.1 base score of 8.2.
Since the attack vector is only local, the target machine must be physically or logically accessible to the attacker.
However, this vulnerability is especially risky in corporate and multi-user systems due to its low attack complexity and ability to escalate privileges.

The vulnerability affects NVIDIA App for Windows versions prior to 11.0.5.260. Users running any version prior to this patch release remain vulnerable to possible exploitation.
To reduce the risk, the company advises all impacted users to download and install version 11.0.5.260 or later right away from the official NVIDIA App website.

| CVE ID | Affected Product | Severity | CVSS Score |
| --- | --- | --- | --- |
| CVE-2025-23358 | NVIDIA App for Windows (all versions prior to 11.0.5.260) | High | 8.2 |

This issue highlights how crucial it is to update third-party software, even for add-on programs like NVIDIA’s utility software.
Because installer components usually operate with elevated rights during installation, attackers often target them.
Download the most recent version of the NVIDIA App from the official NVIDIA App website to safeguard your system. The fix directly addresses the search path handling problem and removes the code execution vector.

Companies that oversee several NVIDIA-equipped workstations should make installing this update throughout their infrastructure a top priority.
Security teams should check their software inventory to find systems using outdated NVIDIA App versions and organize quick patching.
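
The inventory check described above could look like the following added example, which is not NVIDIA's tooling or code from the original article. The CSV column names, the host names and the inventory display name "NVIDIA App" are assumptions, and the sample rows are constructed.

```python
import csv
import io

FIXED_VERSION = (11, 0, 5, 260)   # first fixed release named in the article
PRODUCT_NAME = "nvidia app"       # assumed display name in the inventory export

# Constructed sample export; hosts, columns and versions are made up.
SAMPLE_INVENTORY = """host,product,version
ws-001,NVIDIA App,11.0.4.526
ws-002,NVIDIA App,11.0.5.260
ws-003,NVIDIA App,11.0.5
ws-004,nvidia app,11.0.6.1
ws-005,NVIDIA App,unknown
ws-006,Other Vendor Tool,1.2.3.4
"""


def parse_version(text):
    """Return a 4-part integer tuple, or None if the string is not dotted numeric."""
    parts = text.strip().split(".")
    if len(parts) > 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))   # "11.0.5" -> (11, 0, 5, 0)


def classify(version_text):
    """'vulnerable' below the fixed release, 'patched' otherwise, 'review' if unparseable."""
    version = parse_version(version_text)
    if version is None:
        return "review"   # do not guess: route to manual verification
    return "vulnerable" if version < FIXED_VERSION else "patched"


def audit(csv_text):
    """Return {host: status} for every NVIDIA App row in the inventory export."""
    results = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["product"].strip().lower() == PRODUCT_NAME:
            results[row["host"]] = classify(row["version"])
    return results


if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Rows whose version string cannot be parsed are reported as `review` rather than silently counted as patched, so incomplete inventory data does not hide an exposed host.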
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.