NVIDIA recently addressed a serious security vulnerability (CVE-2025-23358) in its App for Windows, which could enable local attackers to execute arbitrary code and gain elevated privileges. The vulnerability has a CVSS v3.1 base score of 8.2, is classified as high severity, and is due to an issue in the installer’s search path element. While the flaw requires user interaction to exploit, its presence in versions prior to 11.0.5.260 leaves many users vulnerable.
Exploitation of this vulnerability could lead to complete code execution and privilege escalation within the system, making it particularly dangerous in environments where multiple users have access. The ability for an attacker with low privileges to manipulate the search path for code injection underscores the need for vigilance in maintaining up-to-date software, especially third-party utilities like NVIDIA’s.
To mitigate potential threats, users are strongly urged to upgrade to the patched version 11.0.5.260 or later. Organizations should prioritize patching efforts for multiple workstations to ensure compliance and safety across their infrastructure, verifying software inventories for vulnerable versions as a precautionary measure.
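The inventory check described above can be scripted. This is an added example, not code from NVIDIA or the original article; the CSV layout, the product name string "NVIDIA App", the hostnames and the sample rows are assumptions constructed for illustration. It compares versions numerically, because a plain string comparison would wrongly rank 11.0.5.99 above 11.0.5.260.

```python
import csv
import io

FIXED = (11, 0, 5, 260)   # first patched version named in the text above
PRODUCT = "NVIDIA App"    # assumed product name as it appears in the inventory export

# Constructed sample inventory export (hosts and versions are made up).
SAMPLE_INVENTORY = """\
host,product,version
ws-001,NVIDIA App,11.0.5.260
ws-002,NVIDIA App,11.0.5.99
ws-003,NVIDIA App,11.0.4.526
ws-004,NVIDIA App,11.1.0.12
ws-005,NVIDIA App,unknown
ws-006,Other Tool,1.2.3
"""


def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if malformed."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Classify one version string as patched, vulnerable or unknown."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"  # needs manual follow-up, never assume patched
    # Pad short versions so "11.0.5" is compared as 11.0.5.0.
    padded = parsed + (0,) * (len(FIXED) - len(parsed))
    return "patched" if padded >= FIXED else "vulnerable"


def audit(csv_text):
    """Group hosts running the product by patch status."""
    results = {"vulnerable": [], "patched": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["product"].strip().lower() != PRODUCT.lower():
            continue
        results[classify(row["version"])].append(row["host"])
    return results


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be checked by hand rather than counted as patched.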
👉 Read the original: Cyber Security News