CVE-2025-23257
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-09-05
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | cumulus_linux | 5.11.0.0026 |
| nvidia | cumulus_linux | 5.10 |
| nvidia | nvos | 25.02.22xx |
| nvidia | nvos | 25.02.42xx |
| nvidia | nvos | 25.02.3xxx |
| nvidia | nvos | 25.02.4xxx |
| nvidia | cumulus_linux | 5.9.2.0020 |
| nvidia | cumulus_linux | 5.13 |
| nvidia | cumulus_linux | 5.9 |
| nvidia | doca | * |
| nvidia | cumulus_linux | 5.9.0.0032 |
| nvidia | cumulus_linux | 5.11 |
| nvidia | cumulus_linux | 5.12 |
| nvidia | nvos | 25.02.23xx |
| nvidia | nvos | 25.02.21xx |
| nvidia | cumulus_linux | 5.11.1.1009 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the NVIDIA DOCA software's collectx-clxapidev Debian package. It allows a low-privileged user to escalate their privileges due to incorrect permission assignments on critical resources. Exploiting this flaw can grant an attacker higher-level access than intended. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to significant privilege escalation, allowing an attacker with initially low privileges to gain high-level access. This can compromise the confidentiality, integrity, and availability of the affected system. [1]