CVE-2025-23299 MEDIUM

CVE-2025-23299

Vendor Nvidia

Product BlueField GA

Weakness CWE-787

Published October 22, 2025

Last update October 22, 2025

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code.

Key dates

02Disclosure timeline

October 22, 2025 CVE published

October 22, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-23299 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

Identifiers

CVE CVE-2025-23299

CWE CWE-787

CVSS 6.7 / MEDIUM

Affected versions

Vendor Nvidia

Product BlueField GA

Affected All versions prior to 46.1006

Vendor Nvidia

Product BlueField LTS22

Affected All versions prior to 35.4554

Vendor Nvidia

Product BlueField LTS23

Affected All versions prior to 39.5050

Vendor Nvidia

Product BlueField LTS24

Affected All versions prior to 43.3608

Vendor Nvidia

Product ConnectX GA

Affected All versions prior to 46.1006

Vendor Nvidia

Product ConnectX LTS22

Affected All versions prior to 35.4554

Vendor Nvidia

Product ConnectX LTS23

Affected All versions prior to 39.5050

Vendor Nvidia

Product ConnectX LTS24

Affected All versions prior to 43.3608

Vendor Nvidia

Product ConnectX-4 LX

Affected All versions prior to 32.1908

CVE-2025-23299

01Description

02Disclosure timeline

03References

04Related CVE