CVE Catalog

CVE-2025-23350

CriticalCVSS 9.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile — higher than 19% of all known CVEs

Summary

A vulnerability in the command interface of NVIDIA ConnectX and BlueField allows a local user with virtual function (VF) access to cause a write out of bounds via crafted input. Successful exploitation may lead to arbitrary code execution on the device.

Risk Assessment

The risk involves potential takeover of the network card by a local user with VF privileges, which could lead to privilege escalation and compromise of the entire network infrastructure.

Recommendation

It is recommended to immediately apply patches provided by NVIDIA for affected software versions and restrict virtual function access to trusted users only.

Original NVD description (English source)

NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS