NVIDIA has issued a significant software update for its Riva speech AI platform, releasing version 2.19.0 to resolve two high-severity vulnerabilities (CVE-2025-23242 and CVE-2025-23243) involving improper access control mechanisms. The update, detailed in a March 10, 2025 security bulletin, impacts all Linux deployments running Riva versions ≤2.18.0 and follows coordinated disclosure with Trend Micro researchers David Fiser and Alfredo Oliveira.

Both vulnerabilities stem from insufficient validation of gRPC request headers in Riva’s microservice architecture, as confirmed by NVIDIA’s Product Security Incident Response Team (PSIRT). CVE-2025-23243 (CVSS 6.5) presents a more limited but still critical risk profile, enabling unauthenticated actors to trigger denial-of-service conditions or tamper with text normalization outputs in neural machine translation (NMT) services. NVIDIA’s advisory emphasizes that these vulnerabilities affect all prior Riva versions, including Long-Term Support (LTS) branches.

NVIDIA mandates an immediate upgrade to Riva 2.19.0, which introduces enhanced role-based access control (RBAC) policies and hardened gRPC authentication protocols. Organizations using custom voice fonts or domain-specific language models should validate acoustic properties post-upgrade, as the security patches modify low-level audio processing threads. NVIDIA plans to introduce automated vulnerability scanning for Riva model repositories in Q2 2025 as part of its enhanced security roadmap.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 12 Mar 2025 13:25:17 +0000