CVE-2025-23299 | THREATINT

Description

NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code.

PUBLISHED Reserved 2025-01-14 | Published 2025-10-22 | Updated 2025-10-22 | Assigner nvidia

MEDIUM: 6.7CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-787 Out-of-bounds Write

Product status

Default status

unaffected

All versions prior to 46.1006

affected

Default status

unaffected

All versions prior to 35.4554

affected

Default status

unaffected

All versions prior to 39.5050

affected

Default status

unaffected

All versions prior to 43.3608

affected

Default status

unaffected

All versions prior to 46.1006

affected

Default status

unaffected

All versions prior to 35.4554

affected

Default status

unaffected

All versions prior to 39.5050

affected

Default status

unaffected

All versions prior to 43.3608

affected

Default status

unaffected

All versions prior to 32.1908

affected

References

nvd.nist.gov/vuln/detail/CVE-2025-23299

www.cve.org/CVERecord?id=CVE-2025-23299

nvidia.custhelp.com/app/answers/detail/a_id/5684

cve.org (CVE-2025-23299)

nvd.nist.gov (CVE-2025-23299)

Download JSON