CVE-2025-23261

Summary

NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users.

Affected Software

VendorProductVersion RangeStatus
NVIDIANVOSNVOS 25.02.21xx, 25.02.22xx, 25.02.23xxaffected
NVIDIACumulus LinuxCumulus Linux 5.12, 5.11, 5.10, 5.9 and olderaffected
NVIDIANVOSNVOS 25.02.3xxxaffected

Weaknesses

  • CWE-532: CWE-532 Insertion of Sensitive Information into Log File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References