NVIDIA Releases Security Updates Addressing DoS, EoP, and Data Disclosure Flaws
Customers should immediately download and install the patched components from the NVIDIA Product Security portal.
Earlier evaluation versions are available upon request via NVOnline.
The following table summarizes seven CVEs resolved in this release.
Each entry includes the CVSS v3.1 vector, base score, severity, associated CWE
| CVE ID | Product Component | CVSS v3.1 Vector | Score | Severity | CWE | Impact |
|---|---|---|---|---|---|---|
| CVE-2025-23256 | BlueField management interface | AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H | 8.7 | High | 863 | Escalation of privileges, DoS, information disclosure, data tampering |
| CVE-2025-23257 | DOCA collectx-clxapidev | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | High | 732 | Privilege escalation |
| CVE-2025-23258 | DOCA collectx-dpeserver (arm64) | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | High | 732 | Privilege escalation |
| CVE-2025-23259 | Mellanox DPDK Poll Mode Driver | AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H | 6.5 | Medium | 362 | Information disclosure, denial of service |
| CVE-2025-23262 | ConnectX management interface | AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H | 6.3 | Medium | 863 | Escalation of privileges, DoS, information disclosure, data tampering |
| CVE-2025-23261 | Cumulus Linux & NVOS logging | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N | 5.5 | Medium | 532 | Information disclosure (hashed passwords in logs) |
This release also maps each CVE to the affected products, platforms/OS, and patched versions.
Administrators should verify their current deployments against this table and upgrade accordingly.
| CVE ID | Affected Product(s) | Platform/OS | Affected Versions | Patched Version |
|---|---|---|---|---|
| CVE-2025-23257 | DOCA collectx-clxapidev | Linux – Debian based | All 2.9 < 2.9.3; all 2.10 | 2.9.3, 3.0.0 |
| CVE-2025-23258 | DOCA collectx-dpeserver (arm64) | Linux – Debian arm64 | All 2.5 < 2.5.4; 2.9 < 2.9.3; all 2.10 | 2.5.4; 2.9.3; 3.0.0 |
| CVE-2025-23256 | BlueField GA & LTS22–24 | BlueField-2,3 | Versions prior to 35.4554 / 39.5050 / 43.3608 / 45.1020 | 35.4554; 39.5050; 43.3608; 45.1020 |
| CVE-2025-23262 | ConnectX-4/5/6/7/8 GA & LTS22–24 | ConnectX series | Versions prior to 12.28.4704; 14.32.1908; 35.4554; 39.5050; 43.3608; 45.1020 | 12.28.4704; 14.32.1908; 35.4554; 39.5050; 43.3608; 45.1020 |
| CVE-2025-23259 | Mellanox DPDK 22.11/20.11/Upstream | Any | 20.11 < 7.8.0; 22.11 < 2504.1.0; upstream < 25.07; various LTS branches | 20.11.7.9.0; 22.11_2504.1.0; 23.11.5 LTS; 24.11.3 LTS; 25.07 |
| CVE-2025-23261 | Cumulus Linux; NVOS | Cumulus 5.x; NVOS 25.02.xxxx | Cumulus 5.9–5.12; NVOS 25.02.21xx–25.02.4xxx | Cumulus 5.13; NVOS 25.02.42xx, etc. |
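
One way to run the check described above for the two DOCA collectx components, as an added example that is not NVIDIA's or the article's code. The branch rules are copied from the table; the function names, the sample inventory, and the treatment of releases after 3.0.0 as fixed are assumptions.

```python
# Added example: branch-aware check of DOCA collectx package versions against
# the advisory table. Rule data is copied from the table; the handling of
# branches the table does not mention is an assumption of this example.
import re

# (major, minor) branch -> first fixed version in that branch, or None when
# the table lists the whole branch as affected with no in-branch fix.
RULES = {
    "collectx-clxapidev": {(2, 9): (2, 9, 3), (2, 10): None},
    "collectx-dpeserver": {(2, 5): (2, 5, 4), (2, 9): (2, 9, 3), (2, 10): None},
}
NEXT_FIXED_RELEASE = (3, 0, 0)  # patched version listed for both components


def parse_version(text):
    """Return the leading dotted-numeric part as a 3-tuple, e.g. '2.9.1-5' -> (2, 9, 1)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def check(component, installed):
    """Classify an installed version as 'affected', 'patched' or 'unlisted'."""
    version = parse_version(installed)
    branches = RULES[component]
    branch = version[:2]
    if branch in branches:
        fix = branches[branch]
        if fix is None:
            return "affected", NEXT_FIXED_RELEASE
        return ("affected", fix) if version < fix else ("patched", None)
    if version >= NEXT_FIXED_RELEASE:
        # Assumption: releases after 3.0.0 keep the fix.
        return "patched", None
    # Branch not named in the advisory table: do not guess either way.
    return "unlisted", None


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    inventory = [("dpu-a", "collectx-dpeserver", "2.5.3"),
                 ("dpu-b", "collectx-dpeserver", "2.7.0"),
                 ("host-c", "collectx-clxapidev", "2.10.0-1"),
                 ("host-d", "collectx-clxapidev", "2.9.3")]
    for host, comp, ver in inventory:
        status, target = check(comp, ver)
        fix = ".".join(map(str, target)) if target else "-"
        print(f"{host:7} {comp:19} {ver:9} {status:9} upgrade-to={fix}")
```

A result of `unlisted` means the table says nothing about that branch, so it should be confirmed against the vendor bulletin rather than treated as safe.
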
Download links and firmware updates are available on the NVIDIA networking portal: ConnectX-4/6/7/8 firmware, DOCA/DPDK packages, and Cumulus Linux.
For CVE-2025-23261, customers should sanitize log files to remove any exposed hashed credentials.
The post NVIDIA Releases Security Updates Addressing DoS, EoP, and Data Disclosure Flaws appeared first on Cyber Security News.