CVE-2025-23299
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-22

Last updated on: 2025-10-22

Assigner: NVIDIA Corporation

Description
NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-22
Last Modified
2025-10-22
Generated
2026-06-16
AI Q&A
2025-10-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-23299
EUVD
EUVD-2025-35587
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
nvidia bluefield 2
nvidia bluefield 3
nvidia connectx 6_lx
nvidia connectx 6_dx
nvidia connectx 6_de
nvidia connectx 4_lx
nvidia connectx 8
nvidia connectx 7
nvidia connectx 5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-23299 is a vulnerability in the management interface of NVIDIA Bluefield and ConnectX products. It allows a malicious actor who already has high privilege access to execute arbitrary code remotely. The vulnerability is an out-of-bounds write (CWE-787) and has a medium severity score of 6.7 according to CVSS v3.1. The attack requires local access, low complexity, and no user interaction, but it impacts confidentiality, integrity, and availability at a high level. [1, 2]

Impact Analysis

If exploited, this vulnerability can allow an attacker with high privilege access to execute arbitrary code on affected NVIDIA Bluefield and ConnectX devices. This can lead to a complete compromise of the device's confidentiality, integrity, and availability, potentially allowing unauthorized access, data manipulation, or disruption of services. [1, 2]

Mitigation Strategies

To mitigate the CVE-2025-23299 vulnerability, users should download and install the latest NVIDIA firmware versions that address this issue. The updated firmware versions are 46.1006, 35.4554, 39.5050, 43.3608, and 32.1908, depending on the specific BlueField or ConnectX product line and version. Installing these updated components from official NVIDIA firmware support links is the recommended immediate step to prevent exploitation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-23299. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart