CVE-2025-23270 HIGH

CVE-2025-23270

Vendor Nvidia
Product Jetson Orin, IGX Orin and Xavier Devices
Weakness CWE-392
Published July 17, 2025
Last update July 17, 2025

CVSS base score

7.1/10
Attack vector Physical
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.

Key dates

02Disclosure timeline

July 17, 2025 CVE published
July 17, 2025 Record updated