NVIDIA Patches Vulnerabilities Causing DoS, EoP, and Data Exposure
gbhackers
NVIDIA today released critical security updates for its BlueField, ConnectX, DOCA, Mellanox DPDK, Cumulus Linux, and NVOS products.
The Partner Security Bulletin addresses multiple vulnerabilities that could allow denial of service (DoS), escalation of privileges (EoP), and information disclosure.
Customers are urged to download and install updated components immediately to protect their systems.
To get the fixes, visit the NVIDIA Product Security portal. Evaluation version users should contact their account manager for NVOnline access.
Below is a summary of the vulnerabilities and their impacts.
Vulnerability Summary
| CVE ID | CVSS v3.1 Score | Severity | Impacts |
|---|---|---|---|
| CVE-2025-23256 | 8.7 | High | EoP, DoS, disclosure, data tampering |
| CVE-2025-23257 | 7.3 | High | EoP |
| CVE-2025-23258 | 7.3 | High | EoP |
| CVE-2025-23259 | 6.5 | Medium | Disclosure, DoS |
| CVE-2025-23262 | 6.3 | Medium | EoP, DoS, disclosure, data tampering |
| CVE-2025-23261 | 5.5 | Medium | Information disclosure |
Affected Products and Fixed Versions
- BlueField: All versions prior to 45.1020 (GA) and corresponding LTS ...
Copyright of this story solely belongs to gbhackers.