CVE-2025-23257
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-09-05

Assigner: NVIDIA Corporation

Description
NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an actor with low privileges to escalate privileges. A successful exploit of this vulnerability might lead to escalation of privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2025-09-05
Generated
2026-06-16
AI Q&A
2025-09-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-23257
EUVD
EUVD-2025-26734
Affected Vendors & Products
Showing 16 associated CPEs
Vendor Product Version / Range
nvidia cumulus_linux 5.11.0.0026
nvidia cumulus_linux 5.10
nvidia nvos 25.02.22xx
nvidia nvos 25.02.42xx
nvidia nvos 25.02.3xxx
nvidia nvos 25.02.4xxx
nvidia cumulus_linux 5.9.2.0020
nvidia cumulus_linux 5.13
nvidia cumulus_linux 5.9
nvidia doca *
nvidia cumulus_linux 5.9.0.0032
nvidia cumulus_linux 5.11
nvidia cumulus_linux 5.12
nvidia nvos 25.02.23xx
nvidia nvos 25.02.21xx
nvidia cumulus_linux 5.11.1.1009
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the NVIDIA DOCA software's collectx-clxapidev Debian package. It allows a low-privileged user to escalate their privileges due to incorrect permission assignments on critical resources. Exploiting this flaw can grant an attacker higher-level access than intended. [1]

Impact Analysis

If exploited, this vulnerability can lead to significant privilege escalation, allowing an attacker with initially low privileges to gain high-level access. This can compromise the confidentiality, integrity, and availability of the affected system. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-23257. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart