CVE-2025-23258
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-09-05
Assigner: NVIDIA Corporation
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | nvos | 25.02.21xx |
| nvidia | nvos | 25.02.42xx |
| nvidia | cumulus_linux | 5.11 |
| nvidia | nvos | 25.02.23xx |
| nvidia | cumulus_linux | 5.9 |
| nvidia | cumulus_linux | 5.10 |
| nvidia | nvos | 25.02.3xxx |
| nvidia | doca | 3.1 |
| nvidia | cumulus_linux | 5.9.2.0020 |
| nvidia | nvos | 25.02.4xxx |
| nvidia | cumulus_linux | 5.11.1.1009 |
| nvidia | cumulus_linux | 5.11.0.0026 |
| nvidia | cumulus_linux | 5.13 |
| nvidia | nvos | 25.02.22xx |
| nvidia | cumulus_linux | 5.12 |
| nvidia | cumulus_linux | 5.9.0.0032 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-23258 is a vulnerability in the NVIDIA DOCA collectx-dpeserver Debian package for the arm64 architecture. It allows an attacker with low privileges and local access to escalate their privileges on the affected system due to incorrect permission assignment for critical resources (CWE-732). The attack requires low complexity and user interaction but can have a high impact on confidentiality, integrity, and availability. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker with low privileges to escalate their privileges on your system, potentially gaining unauthorized access to sensitive data, modifying system settings, or disrupting system availability. The impact is high on confidentiality, integrity, and availability of the affected system. [1]
What immediate steps should I take to mitigate this vulnerability?
The vulnerability affects the NVIDIA DOCA collectx-dpeserver Debian package for arm64. Immediate mitigation steps would include checking for updates or patches from NVIDIA for this specific package and applying them as soon as they become available. Since the vulnerability involves incorrect permission assignment, reviewing and correcting permissions on the collectx-dpeserver package files and related resources may help reduce risk until an official fix is applied. [1]