9
/ 10
CRITICAL
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Description
NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
Basic Information
ID
CVE-2025-23350
Source
nvidia
Published
Jul 1, 2026 at 14:36
Modified
Jul 1, 2026 at 16:03
Affected Product
Vendor
NVIDIA
Product
BlueField GA
Version
All versions prior to 46.3008
Affected Versions
NVIDIA BlueField GA All versions prior to 46.3008
NVIDIA BlueField LTS22 All versions prior to 35.8002
NVIDIA BlueField LTS23 All versions prior to 39.8002
NVIDIA BlueField LTS24 All versions prior to 43.8002
NVIDIA ConnectX GA All versions prior to 46.3008
NVIDIA ConnectX LTS22 All versions prior to 35.8002
NVIDIA ConnectX LTS23 All versions prior to 39.8002
NVIDIA ConnectX LTS24 All versions prior to 43.8002
NVIDIA BlueField LTS22 All versions prior to 35.8002
NVIDIA BlueField LTS23 All versions prior to 39.8002
NVIDIA BlueField LTS24 All versions prior to 43.8002
NVIDIA ConnectX GA All versions prior to 46.3008
NVIDIA ConnectX LTS22 All versions prior to 35.8002
NVIDIA ConnectX LTS23 All versions prior to 39.8002
NVIDIA ConnectX LTS24 All versions prior to 43.8002