CVE-2025-23262

Summary

NVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.

Affected Software

VendorProductVersion RangeStatus
NVIDIAConnectX GAAll versions prior to 45.1020affected
NVIDIAConnectX LTS22All versions prior to 35.4554affected
NVIDIAConnectX LTS23All versions prior to 39.5050affected
NVIDIAConnectX LTS24All versions prior to 43.3608affected
NVIDIAConnectX-4All versions prior to 12.28.2704affected
NVIDIAConnectX-4 LXAll versions prior to 14.32.1908affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References