CVE-2025-23259
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-09-05
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | nvos | 25.02.21xx |
| nvidia | nvos | 25.02.42xx |
| nvidia | cumulus_linux | 5.11 |
| nvidia | nvos | 25.02.23xx |
| nvidia | cumulus_linux | 5.9 |
| nvidia | cumulus_linux | 5.10 |
| nvidia | nvos | 25.02.3xxx |
| nvidia | mellanox_dpdks | 3.1 |
| nvidia | cumulus_linux | 5.9.2.0020 |
| nvidia | nvos | 25.02.4xxx |
| nvidia | cumulus_linux | 5.11.1.1009 |
| nvidia | cumulus_linux | 5.11.0.0026 |
| nvidia | cumulus_linux | 5.13 |
| nvidia | nvos | 25.02.22xx |
| nvidia | cumulus_linux | 5.12 |
| nvidia | cumulus_linux | 5.9.0.0032 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-23259 is a vulnerability in the NVIDIA Mellanox Data Plane Development Kit (DPDK), specifically in the Poll Mode Driver (PMD). It involves a race condition due to improper synchronization, allowing an attacker on a virtual machine (VM) within the system to cause information disclosure and denial of service (DoS) on the network interface. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker on a VM to disclose sensitive information and cause denial of service on the network interface, potentially disrupting network operations and affecting availability. [1]