7.8
/ 10
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
Cisco Talos' Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Nvidia and one in Adobe Acrobat.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to _Cisco 's third-party vulnerability disclosure policy_.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from _Snort.org_, and our latest Vulnerability Advisories are always posted on _Talos Intelligence 's website_.
## **Nvidia vulnerabilities**
_Discovered by Dimitrios Tatsis of Cisco Talos._
Nvidia is a large technology company developing graphics cards, chip systems, and applications for AI and high performance computing. Talos has found 5 vulnerabilities in the CUDA Toolkit, a development environment for developing GPU-accelerated applications.
_TALOS-2025-2155_ (CVE-2025-23339) is an arbitrary code execution vulnerability in the DWARF parsing functionality of NVIDIA cuobjdump 12.8.55. A specially crafted fatbin file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
_TALOS-2025-2169_ (CVE-2025-23338) is an improper array index validation vulnerability in the symbol table parsing functionality of NVIDIA nvdisasm 12.8.90. A specially crafted ELF file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
_TALOS-2025-2172_ (CVE-2025-23340) is an out-of-bounds write vulnerability in the RELA section parsing functionality of NVIDIA nvdisasm 12.8.90. A specially crafted ELF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
_TALOS-2025-2191_ (CVE-2025-23271), a heap-based buffer overflow vulnerability, and _TALOS-2025-2204_ (CVE-2025-23308), an out-of-bounds write vulnerability, exist in the REL section header parsing functionality of NVIDIA nvdisasm 12.8.90. Specially crafted ELF files can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.
## **Adobe use-after-free vulnerability**
_Discovered by KPC of Cisco Talos._
Adobe Acrobat Reader is one of the most popular PDF reading software currently available.
Talos discovered _TALOS-2025-2222_ (CVE-2025-54257), a use-after-free vulnerability in the page property functionality of Adobe Acrobat Reader 2025.001.20531. Specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and could result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability.
Cisco Talos' Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Nvidia and one in Adobe Acrobat.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to _Cisco 's third-party vulnerability disclosure policy_.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from _Snort.org_, and our latest Vulnerability Advisories are always posted on _Talos Intelligence 's website_.
## **Nvidia vulnerabilities**
_Discovered by Dimitrios Tatsis of Cisco Talos._
Nvidia is a large technology company developing graphics cards, chip systems, and applications for AI and high performance computing. Talos has found 5 vulnerabilities in the CUDA Toolkit, a development environment for developing GPU-accelerated applications.
_TALOS-2025-2155_ (CVE-2025-23339) is an arbitrary code execution vulnerability in the DWARF parsing functionality of NVIDIA cuobjdump 12.8.55. A specially crafted fatbin file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
_TALOS-2025-2169_ (CVE-2025-23338) is an improper array index validation vulnerability in the symbol table parsing functionality of NVIDIA nvdisasm 12.8.90. A specially crafted ELF file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
_TALOS-2025-2172_ (CVE-2025-23340) is an out-of-bounds write vulnerability in the RELA section parsing functionality of NVIDIA nvdisasm 12.8.90. A specially crafted ELF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
_TALOS-2025-2191_ (CVE-2025-23271), a heap-based buffer overflow vulnerability, and _TALOS-2025-2204_ (CVE-2025-23308), an out-of-bounds write vulnerability, exist in the REL section header parsing functionality of NVIDIA nvdisasm 12.8.90. Specially crafted ELF files can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.
## **Adobe use-after-free vulnerability**
_Discovered by KPC of Cisco Talos._
Adobe Acrobat Reader is one of the most popular PDF reading software currently available.
Talos discovered _TALOS-2025-2222_ (CVE-2025-54257), a use-after-free vulnerability in the page property functionality of Adobe Acrobat Reader 2025.001.20531. Specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and could result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability.
Basic Information
ID
TALOSBLOG:331CC14FF4D693AF4A09E5365B75CD01
Published
Oct 1, 2025 at 18:37