CVE-2025-23263

Summary

NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN.

Affected Software

VendorProductVersion RangeStatus
NVIDIADOCA-Host and Mellanox OFEDDOCA-Host All versions prior to 2.5.4-0.0.9affected
NVIDIADOCA-Host and Mellanox OFEDDOCA-Host All versions prior to 2.9.3-0.2.2affected
NVIDIADOCA-Host and Mellanox OFEDDOCA-Host All versions prior to 3.0.0-058001affected
NVIDIADOCA-Host and Mellanox OFEDMellanox OFED All versions prior to 5.8-7.0.6.1affected
NVIDIADOCA-Host and Mellanox OFEDMellanox OFED All versions prior to 23.10-5.1.4.0affected
NVIDIADOCA-Host and Mellanox OFEDMellanox OFED All versions prior to 24.10-3.2.5.0affected

Weaknesses

  • CWE-279: CWE-279: Incorrect Execution-Assigned Permissions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References