Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Nvidia and one in Adobe Acrobat.

The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.    

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.     

Nvidia vulnerabilities

Discovered by Dimitrios Tatsis of Cisco Talos.

Nvidia is a large technology company developing graphics cards, chip systems, and applications for AI and high performance computing. Talos has found 5 vulnerabilities in the CUDA Toolkit, a development environment for developing GPU-accelerated applications.

TALOS-2025-2155 (CVE-2025-23339) is an arbitrary code execution vulnerability in the DWARF parsing functionality of NVIDIA cuobjdump 12.8.55. A specially crafted fatbin file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

TALOS-2025-2169 (CVE-2025-23338) is an improper array index validation vulnerability in the symbol table parsing functionality of NVIDIA nvdisasm 12.8.90. A specially crafted ELF file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

TALOS-2025-2172 (CVE-2025-23340) is an out-of-bounds write vulnerability in the RELA section parsing functionality of NVIDIA nvdisasm 12.8.90. A specially crafted ELF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

TALOS-2025-2191 (CVE-2025-23271), a heap-based buffer overflow vulnerability, and TALOS-2025-2204 (CVE-2025-23308), an out-of-bounds write vulnerability, exist in the REL section header parsing functionality of NVIDIA nvdisasm 12.8.90. Specially crafted ELF files can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.

Adobe use-after-free vulnerability

Discovered by KPC of Cisco Talos.

Adobe Acrobat Reader is one of the most popular PDF reading software currently available.

Talos discovered TALOS-2025-2222 (CVE-2025-54257), a use-after-free vulnerability in the page property functionality of Adobe Acrobat Reader 2025.001.20531. Specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and could result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability.

Cisco Talos Blog – ​Read More