CVE-2025-23350

9 / 10
CRITICAL
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.

Basic Information

ID CVE-2025-23350
Source nvidia
Published Jul 1, 2026 at 14:36
Modified Jul 1, 2026 at 16:03

Affected Product

Vendor NVIDIA
Product BlueField GA
Version All versions prior to 46.3008
Affected Versions
NVIDIA BlueField GA All versions prior to 46.3008
NVIDIA BlueField LTS22 All versions prior to 35.8002
NVIDIA BlueField LTS23 All versions prior to 39.8002
NVIDIA BlueField LTS24 All versions prior to 43.8002
NVIDIA ConnectX GA All versions prior to 46.3008
NVIDIA ConnectX LTS22 All versions prior to 35.8002
NVIDIA ConnectX LTS23 All versions prior to 39.8002
NVIDIA ConnectX LTS24 All versions prior to 43.8002

CWE Classification

References
