Nvidia Nvapp For Windows Vulnerability Let Attackers Execute...


NVIDIA has patched a critical vulnerability in its App for Windows that could allow local attackers to execute arbitrary code and escalate privileges on affected systems.

Tracked as CVE-2025-23358, the flaw exists in the installer component. It poses a significant security risk to Windows users running the application.

The vulnerability stems from a search path element issue within the NVIDIA App installer, classified under CWE-427.

An attacker with local access and low privileges can exploit this flaw by manipulating the search path to inject malicious code.

The vulnerability requires user interaction to trigger, but successful exploitation grants complete code execution and allows privilege escalation across the entire system.

With a CVSS v3.1 base score of 8.2, CVE-2025-23358 carries a High severity rating.

The attack vector is purely local, meaning an attacker must have physical or logical access to the target machine.

However, the low attack complexity, combined with the ability to escalate privileges, makes this flaw particularly dangerous in multi-user environments and corporate settings.

NVIDIA App for Windows versions before 11.0.5.260 are vulnerable to this attack. Users running any version before this patch release remain exposed to potential exploitation.

The company recommends that all affected users immediately download and install version 11.0.5.260 or later from the official NVIDIA App website to mitigate the risk.
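A read-only host triage script for the points above, as an added example that is not from NVIDIA or from the original article: it compares the installed version against the fixed release 11.0.5.260 and lists machine `PATH` directories where low-privilege groups can create files, a general CWE-427 hygiene check that goes beyond the installer itself. The uninstall-entry name `NVIDIA App*` is an assumption, and the article does not say which search path the installer consults.

```powershell
# Added example (read-only). Run elevated so every directory ACL is readable.
$FixedVersion = [version]'11.0.5.260'   # first fixed release named in the article

# Assumption: the app's uninstall entry has a DisplayName starting with "NVIDIA App".
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'NVIDIA App*' -and $_.DisplayVersion } |
    ForEach-Object {
        $parsed = $null
        if ([version]::TryParse($_.DisplayVersion, [ref]$parsed)) {
            $status = if ($parsed -lt $FixedVersion) { 'VULNERABLE: update' } else { 'patched' }
            [pscustomobject]@{ Check = 'Version'; Item = "$($_.DisplayName) $parsed"; Status = $status }
        }
    }

# CWE-427 hygiene: search path directories that low-privilege groups can write to.
# Well-known SIDs avoid localized group names: Everyone, Authenticated Users, BUILTIN\Users.
$lowPrivSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
$createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
$sidType     = [System.Security.Principal.SecurityIdentifier]

$dirs = [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    Where-Object { $_ } | Select-Object -Unique

foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A PATH entry that does not exist can sometimes be created by a non-admin user.
        [pscustomobject]@{ Check = 'SearchPath'; Item = $dir; Status = 'MISSING: review who can create it' }
        continue
    }
    $risky = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $lowPrivSids -contains $_.IdentityReference.Value -and
            (([int]$_.FileSystemRights) -band $createFiles) -ne 0
        }
    if ($risky) {
        [pscustomobject]@{ Check = 'SearchPath'; Item = $dir; Status = 'WRITABLE by low-privilege group' }
    }
}
```

ACEs expressed only as generic rights are not matched by the `CreateFiles` bit test, so an empty `SearchPath` result narrows the review rather than replacing it.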

CVE Details

Severity: CRITICAL
Affected Product: Windows
CWE: CWE-427
Attack Vector: local
Impact: code execution