CVE-2025-23260: CWE-266: Incorrect Privilege Assignment in NVIDIA AIStore

Medium
Published: Tue Jun 24 2025 (06/24/2025, 17:28:40 UTC)
Source: CVE Database V5
Vendor/Project: NVIDIA
Product: AIStore

Description

NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure.

AI-Powered Analysis

Last updated: 06/24/2025, 18:04:39 UTC

Technical Analysis

CVE-2025-23260 is a vulnerability identified in NVIDIA AIStore, specifically within the AIS Operator component. The issue stems from incorrect privilege assignment (CWE-266), where the ServiceAccount associated with a ClusterRole in a Kubernetes (k8s) cluster is configured in a way that allows a user to escalate privileges beyond their intended scope. This misconfiguration enables an attacker with limited privileges to leverage the ServiceAccount to gain elevated access to the Kubernetes cluster. The vulnerability affects all versions of NVIDIA AIStore prior to 2.3.0.

Exploitation does not require user interaction and can be performed remotely (AV:N), with low attack complexity (AC:L), but requires some level of privileges (PR:L). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially compromised component. The impact is primarily on confidentiality (C:L), with no direct impact on integrity or availability. The vulnerability was published on June 24, 2025, and carries a CVSS 3.1 base score of 5.0, categorized as medium severity.

Although no known exploits are currently observed in the wild, the vulnerability poses a risk of unauthorized information disclosure through privilege escalation within Kubernetes environments running AIStore. This vulnerability is significant in environments where NVIDIA AIStore is deployed in Kubernetes clusters, especially in organizations relying on AIStore for scalable AI data storage and management, as unauthorized access to the cluster could expose sensitive data or enable further lateral movement within the infrastructure.

Potential Impact

For European organizations, the vulnerability presents a moderate risk primarily related to confidentiality breaches within Kubernetes environments deploying NVIDIA AIStore. Organizations using AIStore in AI and data-intensive applications could face unauthorized disclosure of sensitive data stored or processed within the cluster. The privilege escalation could also facilitate further attacks, such as lateral movement or reconnaissance, potentially leading to broader security incidents. Given the increasing adoption of Kubernetes and AIStore in sectors like finance, healthcare, manufacturing, and research across Europe, exploitation could disrupt critical operations or compromise intellectual property. While the vulnerability does not directly affect integrity or availability, the elevated access could be leveraged to stage more severe attacks. The medium CVSS score reflects the balance between the requirement for some privileges to exploit and the significant impact on confidentiality and cluster security. Organizations with stringent data protection regulations, such as GDPR, may face compliance risks if sensitive data is exposed due to this vulnerability.

Mitigation Recommendations

1. Upgrade NVIDIA AIStore to version 2.3.0 or later, where this privilege assignment issue has been addressed.
2. Review and audit Kubernetes Role-Based Access Control (RBAC) configurations, specifically the ServiceAccounts and ClusterRoles associated with AIStore components, to ensure least privilege principles are enforced.
3. Implement strict monitoring and alerting on Kubernetes API server access and privilege escalations, focusing on unusual ServiceAccount usage or cluster role bindings.
4. Use Kubernetes Pod Security Policies or equivalent admission controllers to restrict the capabilities of pods running AIStore components. (PodSecurityPolicy was removed in Kubernetes 1.25; on current clusters the built-in equivalent is Pod Security Admission.)
5. Regularly rotate Kubernetes ServiceAccount tokens and credentials to limit the window of opportunity for exploitation.
6. Conduct penetration testing and vulnerability assessments on Kubernetes clusters running AIStore to detect potential privilege escalation paths.
7. Isolate AIStore workloads in dedicated namespaces with minimal privileges and network segmentation to reduce the blast radius of any compromise.
8. Maintain an up-to-date inventory of AIStore deployments and ensure timely application of security patches and configuration hardening.
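Added example for the RBAC review in recommendation 2 (not part of the original advisory and not NVIDIA's code): a Python audit that lists ServiceAccounts bound cluster-wide to ClusterRoles granting wildcard access, read access to secrets, or RBAC escalation verbs. The input is a constructed sample in the shape of `kubectl get clusterroles,clusterrolebindings -o json`; every object name in it is hypothetical and does not come from the AIS Operator manifests.

```python
import json

# Constructed sample shaped like `kubectl get clusterroles,clusterrolebindings -o json`; names are hypothetical.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ClusterRole", "metadata": {"name": "example-operator-role"},
  "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
            {"apiGroups": ["apps"], "resources": ["statefulsets"], "verbs": ["*"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "example-metrics-reader"},
  "rules": [{"nonResourceURLs": ["/metrics"], "verbs": ["get"]}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "example-operator-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "example-operator-role"},
  "subjects": [{"kind": "ServiceAccount", "name": "operator-sa", "namespace": "example-ns"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "example-metrics-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "example-metrics-reader"},
  "subjects": [{"kind": "ServiceAccount", "name": "metrics-sa", "namespace": "example-ns"}]}
]}
""")

ESCALATION_VERBS = {"escalate", "bind", "impersonate"}

def rule_findings(rule):
    """Return the reasons one RBAC rule exceeds least privilege (empty if none)."""
    verbs, resources = set(rule.get("verbs", [])), set(rule.get("resources", []))
    reasons = []
    if "*" in verbs or "*" in resources:
        reasons.append("wildcard verb or resource on " + ",".join(sorted(resources)))
    if resources & {"secrets", "*"} and verbs & {"get", "list", "watch", "*"}:
        reasons.append("cluster-wide read of secrets")
    if verbs & ESCALATION_VERBS:
        reasons.append("escalation verb " + ",".join(sorted(verbs & ESCALATION_VERBS)))
    return reasons

def audit(objects):
    """Map 'namespace/name' of each ServiceAccount to findings from its ClusterRoleBindings."""
    items = objects["items"]
    roles = {o["metadata"]["name"]: o for o in items if o["kind"] == "ClusterRole"}
    report = {}
    for binding in (o for o in items if o["kind"] == "ClusterRoleBinding"):
        role = roles.get(binding["roleRef"]["name"], {})
        reasons = [r for rule in role.get("rules") or [] for r in rule_findings(rule)]
        for subj in binding.get("subjects") or []:
            if subj["kind"] == "ServiceAccount" and reasons:
                report.setdefault(f'{subj.get("namespace")}/{subj["name"]}', []).extend(reasons)
    return report

if __name__ == "__main__":
    for sa, reasons in audit(SAMPLE).items():
        print(sa, "->", "; ".join(reasons))
```

The audit covers ClusterRoleBindings only; namespaced RoleBindings that reference a ClusterRole and aggregated ClusterRoles need a separate pass.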

Technical Details

Data Version: 5.1
Assigner Short Name: nvidia
Date Reserved: 2025-01-14T01:06:22.263Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 685ae55477d44901f08d324f

Added to database: 6/24/2025, 5:50:12 PM

Last enriched: 6/24/2025, 6:04:39 PM

Last updated: 8/15/2025, 3:22:54 PM
