CVE-2025-23290: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in NVIDIA GPU Display Drivers
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. A successful exploit of this vulnerability might lead to information disclosure.
AI Analysis
Technical Summary
CVE-2025-23290 is a vulnerability identified in NVIDIA's Virtual GPU (vGPU) software, specifically within the Virtual GPU Manager component of the GPU display drivers versions R535 and R570. The vulnerability is classified under CWE-200, which pertains to the exposure of sensitive information to unauthorized actors. In this case, a guest virtual machine (VM) running on a host with NVIDIA vGPU software can access global GPU metrics that are influenced by the workloads of other VMs on the same physical host. This cross-VM information leakage occurs because the Virtual GPU Manager does not adequately isolate GPU metric data between guest VMs, allowing a malicious or compromised guest VM to infer or directly obtain information about the GPU usage patterns or workloads of other co-resident VMs.
The vulnerability has a CVSS v3.1 base score of 2.5, indicating low severity. The vector string (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N) shows that the attack requires local access (AV:L), high attack complexity (AC:H), low privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), and results in low confidentiality impact (C:L) with no impact on integrity or availability.
No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability primarily risks confidentiality by potentially leaking GPU workload metrics across VM boundaries, which could be used for side-channel analysis or to infer sensitive operational details of other VMs sharing the same physical GPU resources.
Potential Impact
For European organizations utilizing NVIDIA vGPU technology in virtualized environments—such as cloud service providers, research institutions, financial services, and enterprises relying on GPU-accelerated workloads—this vulnerability could lead to unauthorized disclosure of sensitive operational data. Although the direct confidentiality impact is low, the ability to glean GPU metrics from other VMs may enable attackers to perform side-channel attacks or infer workload patterns, potentially revealing business-sensitive information or aiding in further targeted attacks. Organizations with multi-tenant environments or those employing GPU virtualization for critical workloads are at higher risk. The impact is mitigated by the requirement for local access and high attack complexity, but insider threats or compromised guest VMs could exploit this vulnerability. Given the low severity, the immediate risk is limited; however, in highly regulated sectors within Europe (e.g., finance, healthcare), even minor data leaks can have compliance and reputational consequences.
Mitigation Recommendations
European organizations should implement the following specific mitigations:
1) Restrict and monitor access to virtualized GPU resources to trusted and authenticated users only, minimizing the risk of malicious guest VMs.
2) Employ strict VM isolation policies and network segmentation to reduce the likelihood of lateral movement and privilege escalation within the virtualized environment.
3) Regularly update NVIDIA vGPU software to the latest versions once patches addressing CVE-2025-23290 become available.
4) Use hypervisor-level security features to enforce stronger isolation between VMs, including disabling unnecessary GPU metric sharing if configurable.
5) Monitor GPU usage metrics and logs for anomalous access patterns that could indicate exploitation attempts.
6) Conduct security awareness training for administrators managing virtualized GPU environments to recognize and respond to potential insider threats.
7) Consider deploying additional security controls such as runtime application self-protection (RASP) or host-based intrusion detection systems (HIDS) to detect suspicious activities related to GPU resource access.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: nvidia
- Date Reserved: 2025-01-14T01:06:25.308Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 688e9208ad5a09ad00d66087
Added to database: 8/2/2025, 10:32:40 PM
Last enriched: 8/10/2025, 1:02:48 AM
Last updated: 9/14/2025, 10:38:38 AM