A critical security vulnerability has been discovered in NVIDIA’s Riva framework an AI-powered speech and translation system affecting cloud deployments running versions up to 2.18.0.

According to the Researcher, two CVEs (CVE-2025-23242 and CVE-2025-23243) stem from default misconfigurations that expose Riva’s gRPC (port 50051) and Triton Inference Server endpoints (ports 8000–8002) to the public internet. These flaws allow attackers to bypass authentication and connect to sensitive APIs without credentials, enabling unauthorized access, GPU resource abuse, theft of proprietary AI models, and denial-of-service (DoS) attacks.

The root cause lies in Riva’s default container behavior, which binds services to all network interfaces (0.0.0.0) without enforcing client authentication. Even when SSL/TLS encryption is enabled, the lack of mutual certificate validation creates a false sense of security. This misconfiguration allows attackers to exploit services by making arbitrary inference requests, potentially stealing API keys or running unauthorized workloads such as cryptomining. An example Python snippet provided by researchers illustrates how attackers can invoke text-to-speech APIs without authentication.

Further compounding the risk is the exposure of Triton Inference Server endpoints, which support HTTP/REST and gRPC APIs. Malformed inference requests to unpatched Triton versions can trigger buffer overflows, introducing the risk of memory corruption and remote code execution. Since Riva containers often run with elevated privileges, successful exploitation could allow attackers to escalate privileges within cloud environments or Kubernetes clusters, posing serious operational and financial threats.

To mitigate these vulnerabilities, Researcher recommends upgrading to Riva version 2.19.0, which adds client certificate validation and network isolation features. Additionally, administrators must reconfigure security groups to limit access to trusted IP ranges and enforce role-based access controls (RBAC) for Triton APIs. This incident highlights the urgent need for secure-by-default deployments and zero-trust security practices in GPU-accelerated, AI-integrated cloud infrastructures.