CVE-2025-23256

Summary

NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.

Affected Software

VendorProductVersion RangeStatus
NVIDIABlueField GAAll versions prior to 45.1020affected
NVIDIABlueField LTS22All versions prior to 35.4554affected
NVIDIABlueField LTS23All versions prior to 39.5050affected
NVIDIABlueField LTS24All versions prior to 43.3608affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References