📅 Sep 3, 2025 ✍️ Cybernoz 📁 GBHackers 💬 0 ⏱️ 2 min

NVIDIA Patches Vulnerabilities Causing DoS, EoP, and Data Exposure

NVIDIA Patches Vulnerabilities Causing DoS, EoP, and Data Exposure

NVIDIA today released critical security updates for its BlueField, ConnectX, DOCA, Mellanox DPDK, Cumulus Linux, and NVOS products.

The Partner Security Bulletin addresses multiple vulnerabilities that could allow denial of service (DoS), escalation of privileges (EoP), and information disclosure.

Customers are urged to download and install updated components immediately to protect their systems.

To get the fixes, visit the NVIDIA Product Security portal. Evaluation version users should contact their account manager for NVOnline access.

Below is a summary of the vulnerabilities and their impacts.

Vulnerability Summary

CVE ID CVSS v3.1 Score Severity Impacts
CVE-2025-23256 8.7 High EoP, DoS, disclosure, data tampering
CVE-2025-23257 7.3 High EoP
CVE-2025-23258 7.3 High EoP
CVE-2025-23259 6.5 Medium Disclosure, DoS
CVE-2025-23262 6.3 Medium EoP, DoS, disclosure, data tampering
CVE-2025-23261 5.5 Medium Information disclosure

Affected Products and Fixed Versions

  • BlueField: All versions prior to 45.1020 (GA) and corresponding LTS releases. Updated to 45.1020 (GA), 35.4554, 39.5050, or 43.3608 depending on branch.
  • DOCA: Debian-based collectx-clxapidev and collectx-dpeserver packages updated to 2.9.3, 2.5.4, and 3.0.0.
  • Mellanox DPDK: Versions prior to 22.11_2504.1.0, 22.11_2410.4.0 LTS, 22.11_2310.6.0 LTS, and various upstream releases. Updated to 25.07 and corresponding LTS builds.
  • ConnectX: GA and LTS versions updated to 45.1020, 35.4554, 39.5050, 43.3608; ConnectX-4 updates planned by end of September.
  • Cumulus Linux & NVOS: NVOS branches 25.02.xx updated to 25.02.42xx; Cumulus Linux updated to 5.13, 5.11.1.1009, 5.9.2.0020, and related builds.

Mitigation and Recommendations

  1. Update Immediately: Install the latest firmware and software versions listed above.
  2. Review Logs: For CVE-2025-23261, sanitize and remove any exposed passwords from existing logs.
  3. Access Control: Limit local access to management interfaces on BlueField and ConnectX devices.
  4. Contact Support: For early access or assistance, reach out to your NVIDIA account manager.

By applying these updates, organizations can safeguard critical networking components from service disruption, privilege breaches, and data leaks.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.


Source link

About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.