A high-severity vulnerability has been identified in the NVIDIA NVApp installer for Windows, designated CVE-2025-23358. This flaw allows a local attacker who has already gained initial access to a system to escalate their privileges by executing malicious code, potentially leading to a full system compromise. Organizations are urged to apply the necessary security updates provided by NVIDIA to mitigate this risk.

The vulnerability exists within the NVIDIA NVApp installer for Windows due to an uncontrolled search path element issue, commonly known as DLL hijacking. An attacker with local user access can place a specially crafted malicious DLL file in a location that the installer searches before the legitimate directory. When a privileged user or the system runs the installer, it inadvertently loads and executes the attacker's malicious DLL, granting the attacker's code the same high-level permissions as the installer, typically SYSTEM-level privileges.

This vulnerability is rated as High severity with a CVSS score of 8.2. While exploitation requires an attacker to have prior local access to a machine, it provides a direct path for privilege escalation. Successful exploitation could allow an attacker to bypass security controls, install persistent malware or ransomware, exfiltrate sensitive data, and gain complete control over the affected system. This poses a significant risk of data breaches, operational disruption, and compromise of critical assets within the organization.

Immediate Action:

• Apply the security updates released by NVIDIA to all affected Windows systems immediately.
• Prioritize patching on multi-user systems and critical servers where local access by different users is common.

Proactive Monitoring:

• Monitor for suspicious process creation originating from the NVIDIA installer executable.
• Use Endpoint Detection and Response (EDR) tools to look for unexpected DLL loads by the installer process, especially from user-writable directories.
• Review system and application logs for unauthorized file creation or modification in system-wide search path directories immediately preceding the execution of the NVIDIA installer.

Compensating Controls:

• If immediate patching is not feasible, implement application whitelisting (e.g., AppLocker) to prevent the execution of unauthorized DLLs.
• Restrict user write permissions in directories included in the system's search path.
• Ensure that installers are only executed from trusted, read-only locations.

Public Exploit Available: false

Given the high severity (CVSS 8.2) and the potential for complete system compromise, it is strongly recommended that organizations prioritize the deployment of NVIDIA's security updates across all vulnerable endpoints. Although this vulnerability requires local access and is not currently known to be actively exploited, it represents a critical link in potential attack chains. Prompt patching is the most effective measure to close this security gap and prevent attackers from escalating privileges within the environment.