
Customers should immediately download and install the patched components from the NVIDIA Product Security portal.
Earlier evaluation versions are available upon request via NVOnline.
Summary of Addressed Vulnerabilities
The following table summarizes seven CVEs resolved in this release.
Each entry includes the CVSS v3.1 vector, base score, severity, associated CWE category, and potential impacts.
| CVE ID | Product Component | CVSS v3.1 Vector | Score | Severity | CWE | Impact |
|---|---|---|---|---|---|---|
| CVE-2025-23256 | BlueField management interface | AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H | 8.7 | High | 863 | Escalation of privileges, DoS, information disclosure, data tampering |
| CVE-2025-23257 | DOCA collectx-clxapidev | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | High | 732 | Privilege escalation |
| CVE-2025-23258 | DOCA collectx-dpeserver (arm64) | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | High | 732 | Privilege escalation |
| CVE-2025-23259 | Mellanox DPDK Poll Mode Driver | AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H | 6.5 | Medium | 362 | Information disclosure, denial of service |
| CVE-2025-23262 | ConnectX management interface | AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H | 6.3 | Medium | 863 | Escalation of privileges, DoS, information disclosure, data tampering |
| CVE-2025-23261 | Cumulus Linux & NVOS logging | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N | 5.5 | Medium | 532 | Information disclosure (hashed passwords in logs) |
Affected Versions and Updated Releases
This release also maps each CVE to the affected products, platforms/OS, and patched versions.
Administrators should verify their current deployments against this table and upgrade accordingly.
| CVE ID | Affected Product(s) | Platform/OS | Affected Versions | Patched Version |
|---|---|---|---|---|
| 23257 | DOCA collectx-clxapidev | Linux – Debian based | All 2.9 < 2.9.3; all 2.10 | 2.9.3, 3.0.0 |
| 23258 | DOCA collectx-dpeserver (arm64) | Linux – Debian arm64 | All 2.5 < 2.5.4; 2.9 < 2.9.3; all 2.10 | 2.5.4; 2.9.3; 3.0.0 |
| 23256 | BlueField GA & LTS22–24 | BlueField-2,3 | Versions prior to 35.4554 / 39.5050 / 43.3608 / 45.1020 | 35.4554; 39.5050; 43.3608; 45.1020 |
| 23262 | ConnectX-4/5/6/7/8 GA & LTS22–24 | ConnectX series | Versions prior to 12.28.4704; 14.32.1908; 35.4554; 39.5050; 43.3608; 45.1020 | 12.28.4704; 14.32.1908; 35.4554; 39.5050; 43.3608; 45.1020 |
| 23259 | Mellanox DPDK 22.11/20.11/Upstream | Any | 20.11 < 7.8.0; 22.11 < 2504.1.0; upstream < 25.07; various LTS branches | 20.11.7.9.0; 22.11_2504.1.0; 23.11.5 LTS; 24.11.3 LTS; 25.07 |
| 23261 | Cumulus Linux; NVOS | Cumulus 5.x; NVOS 25.02.xxxx | Cumulus 5.9–5.12; NVOS 25.02.21xx–25.02.4xxx | Cumulus 5.13; NVOS 25.02.42xx, etc. |
Download links and firmware updates are available on the NVIDIA networking portal: ConnectX-4/6/7/8 firmware, DOCA/DPDK packages, and Cumulus Linux.
For CVE-2025-23261, customers should sanitize log files to remove any exposed hashed credentials.
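One way to carry out the log clean-up for CVE-2025-23261, as an added example that is not from NVIDIA or the original post. It assumes the exposed values are crypt(3) modular-format hashes (the form Linux stores in /etc/shadow), which the page does not specify; the sample lines and the `exampled` process name are constructed.

```python
import re

# Assumption: leaked values use crypt(3) modular format: $1$ MD5, $5$ SHA-256,
# $6$ SHA-512, $y$/$7$ yescrypt/scrypt, $2a$/$2b$/$2x$/$2y$ bcrypt.
CRYPT_HASH = re.compile(
    r"\$(?:1|5|6|y|7|2[abxy])\$"   # scheme identifier
    r"(?:[A-Za-z0-9./=,]+\$)*"     # optional parameter and salt fields
    r"[A-Za-z0-9./]{16,}"          # final hash field (bcrypt: salt + hash)
)
REDACTED = "[REDACTED-HASH]"


def sanitize_line(line):
    """Return (clean_line, number_of_hashes_redacted) for one log line."""
    return CRYPT_HASH.subn(REDACTED, line)


def sanitize_log(lines):
    """Redact all lines; return (clean_lines, 1-based numbers of lines changed)."""
    clean, hits = [], []
    for number, line in enumerate(lines, 1):
        new_line, count = sanitize_line(line)
        clean.append(new_line)
        if count:
            hits.append(number)
    return clean, hits


# Constructed sample input (not from a real system); the hash is dummy filler.
FAKE_SHA512 = "$6$rounds=5000$c0nstructedSalt$" + "Ab0./" * 17 + "x"
SAMPLE = [
    "2025-07-01T10:00:01 host01 exampled[123]: user 'operator' updated",
    "2025-07-01T10:00:02 host01 exampled[123]: set hashed-password " + FAKE_SHA512,
    "2025-07-01T10:00:03 host01 billing: cost was $6$ per unit",  # not a hash
]

if __name__ == "__main__":
    cleaned, changed = sanitize_log(SAMPLE)
    for line in cleaned:
        print(line)
    print("lines redacted:", changed)
```

The `changed` list gives the line numbers that contained a hash, which is useful for working out which accounts had credentials exposed.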
The post NVIDIA Releases Security Updates Addressing DoS, EoP, and Data Disclosure Flaws appeared first on Cyber Security News.
