CVE-2025-23299

Summary

NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
NVIDIABlueField GAAll versions prior to 46.1006affected
NVIDIABlueField LTS22All versions prior to 35.4554affected
NVIDIABlueField LTS23All versions prior to 39.5050affected
NVIDIABlueField LTS24All versions prior to 43.3608affected
NVIDIAConnectX GAAll versions prior to 46.1006affected
NVIDIAConnectX LTS22All versions prior to 35.4554affected
NVIDIAConnectX LTS23All versions prior to 39.5050affected
NVIDIAConnectX LTS24All versions prior to 43.3608affected
NVIDIAConnectX-4 LXAll versions prior to 32.1908affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References