CVE-2025-23262_CVE-2025-23262

6.3 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

Description

NVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.

Basic Information

ID CVE-2025-23262

Source nvidia

Published Sep 4, 2025 at 15:52

Affected Product

Vendor NVIDIA

Product ConnectX GA

Version All versions prior to 45.1020

Affected Versions NVIDIA ConnectX GA All versions prior to 45.1020
NVIDIA ConnectX LTS22 All versions prior to 35.4554
NVIDIA ConnectX LTS23 All versions prior to 39.5050
NVIDIA ConnectX LTS24 All versions prior to 43.3608
NVIDIA ConnectX-4 All versions prior to 12.28.2704
NVIDIA ConnectX-4 LX All versions prior to 14.32.1908

CWE Classification

CWE-863

References

{
    "lastseen": "",
    "description": "NVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.",
    "published": "2025-09-04T15:52:49.201Z",
    "modified": "2025-09-04T15:52:49.201Z",
    "type": "cve",
    "title": "CVE-2025-23262",
    "source": "nvidia",
    "references": "https://nvd.nist.gov/vuln/detail/CVE-2025-23262\nhttps://www.cve.org/CVERecord?id=CVE-2025-23262\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/5655",
    "id": "CVE-2025-23262",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "NVIDIA ConnectX GA All versions prior to 45.1020\nNVIDIA ConnectX LTS22 All versions prior to 35.4554\nNVIDIA ConnectX LTS23 All versions prior to 39.5050\nNVIDIA ConnectX LTS24 All versions prior to 43.3608\nNVIDIA ConnectX-4 All versions prior to 12.28.2704\nNVIDIA ConnectX-4 LX All versions prior to 14.32.1908",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ConnectX GA",
    "version": "All versions prior to 45.1020",
    "vendor": "NVIDIA",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}