CVE-2025-23299_CVE-2025-23299

6.7 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code.

Basic Information

ID CVE-2025-23299

Source nvidia

Published Oct 22, 2025 at 15:14

Modified Oct 22, 2025 at 17:54

Affected Product

Vendor NVIDIA

Product BlueField GA

Version All versions prior to 46.1006

Affected Versions NVIDIA BlueField GA All versions prior to 46.1006
NVIDIA BlueField LTS22 All versions prior to 35.4554
NVIDIA BlueField LTS23 All versions prior to 39.5050
NVIDIA BlueField LTS24 All versions prior to 43.3608
NVIDIA ConnectX GA All versions prior to 46.1006
NVIDIA ConnectX LTS22 All versions prior to 35.4554
NVIDIA ConnectX LTS23 All versions prior to 39.5050
NVIDIA ConnectX LTS24 All versions prior to 43.3608
NVIDIA ConnectX-4 LX All versions prior to 32.1908

CWE Classification

CWE-787

References

{
    "lastseen": "",
    "description": "NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code.",
    "published": "2025-10-22T15:14:10.015Z",
    "modified": "2025-10-22T17:54:09.412Z",
    "type": "cve",
    "title": "CVE-2025-23299",
    "source": "nvidia",
    "references": "https://nvd.nist.gov/vuln/detail/CVE-2025-23299\nhttps://www.cve.org/CVERecord?id=CVE-2025-23299\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/5684",
    "id": "CVE-2025-23299",
    "bulletinFamily": "",
    "cwe": [
        "CWE-787"
    ],
    "cvelist": null,
    "sourceData": "NVIDIA BlueField GA All versions prior to 46.1006\nNVIDIA BlueField LTS22 All versions prior to 35.4554\nNVIDIA BlueField LTS23 All versions prior to 39.5050\nNVIDIA BlueField LTS24 All versions prior to 43.3608\nNVIDIA ConnectX GA All versions prior to 46.1006\nNVIDIA ConnectX LTS22 All versions prior to 35.4554\nNVIDIA ConnectX LTS23 All versions prior to 39.5050\nNVIDIA ConnectX LTS24 All versions prior to 43.3608\nNVIDIA ConnectX-4 LX All versions prior to 32.1908",
    "sourceHref": "",
    "cvss": {
        "score": 6.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BlueField GA",
    "version": "All versions prior to 46.1006",
    "vendor": "NVIDIA",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}