NVIDIA Releases Security Updates Addressing DoS, EoP, and Data Disclosure Flaws
Customers should immediately download and install the patched components from the NVIDIA Product Security portal.
Earlier evaluation versions are available upon request via NVOnline.
The following table summarizes seven CVEs resolved in this release.
Each entry includes the CVSS v3.1 vector, base score, severity, associated CWE
| CVE ID | Product Component | CVSS v3.1 Vector | Score | Severity | CWE | Impact |
|---|---|---|---|---|---|---|
| CVE-2025-23256 | BlueField management interface | AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H | 8.7 | High | 863 | Escalation of privileges, DoS, information disclosure, data tampering |
| CVE-2025-23257 | DOCA collectx-clxapidev | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | High | 732 | Privilege escalation |
| CVE-2025-23258 | DOCA collectx-dpeserver (arm64) | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 7.3 | High | 732 | Privilege escalation |
| CVE-2025-23259 | Mellanox DPDK Poll Mode Driver | AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H | 6.5 | Medium | 362 | Information disclosure, denial of service |
| CVE-2025-23262 | ConnectX management interface | AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H | 6.3 | Medium | 863 | Escalation of privileges, DoS, information disclosure, data tampering |
| CVE-2025-23261 | Cumulus Linux & NVOS logging | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N | 5.5 | Medium | 532 | Information disclosure (hashed passwords in logs) |
This release also maps each CVE to the affected products, platforms/OS, and patched versions.
Administrators should verify their current deployments against this table and upgrade accordingly.
| CVE ID | Affected Product(s) | Platform/OS | Affected Versions | Patched Version |
|---|---|---|---|---|
| 23257 | DOCA collectx-clxapidev | Linux – Debian based | All 2.9 < 2.9.3; all 2.10 | 2.9.3, 3.0.0 |
| 23258 | DOCA collectx-dpeserver (arm64) | Linux – Debian arm64 | All 2.5 < 2.5.4; 2.9 < 2.9.3; all 2.10 | 2.5.4; 2.9.3; 3.0.0 |
| 23256 | BlueField GA & LTS22–24 | BlueField-2,3 | Versions prior to 35.4554 / 39.5050 / 43.3608 / 45.1020 | 35.4554; 39.5050; 43.3608; 45.1020 |
| 23262 | ConnectX-4/5/6/7/8 GA & LTS22–24 | ConnectX series | Versions prior to 12.28.4704; 14.32.1908; 35.4554; 39.5050; 43.3608; 45.1020 | 12.28.4704; 14.32.1908; 35.4554; 39.5050; 43.3608; 45.1020 |
| 23259 | Mellanox DPDK 22.11/20.11/Upstream | Any | 20.11 < 7.8.0; 22.11 < 2504.1.0; upstream < 25.07; various LTS branches | 20.11.7.9.0; 22.11_2504.1.0; 23.11.5 LTS; 24.11.3 LTS; 25.07 |
| 23261 | Cumulus Linux; NVOS | Cumulus 5.x; NVOS 25.02.xxxx | Cumulus 5.9–5.12; NVOS 25.02.21xx–25.02.4xxx | Cumulus 5.13; NVOS 25.02.42xx, etc. |
Download links and firmware updates are available on the NVIDIA networking portal: ConnectX-4/6/7/8 firmware, DOCA/DPDK packages, and Cumulus Linux.
For CVE-2025-23261, customers should sanitize log files to remove any exposed hashed credentials.
Find this Story Interesting! Follow us on Google News , LinkedIn and X to Get More Instant Updates
The post NVIDIA Releases Security Updates Addressing DoS, EoP, and Data Disclosure Flaws appeared first on Cyber Security News.
Prime Video has confirmed that its hit Alan Ritchson action-drama Reacher has been renewed for…
Years before his starring roles in The Lord of the Rings and X-Men, Ian McKellen…
Neowiz and Round8's Lies of P sequel has now "entered full production phase." While we…
Sega has confirmed it has canceled its mysterious "Super Game" as part of a company-wide…
DUBAI, United Arab Emirates, May 11, 2026, CyberNewswire—Dubai-founded OTT Cybersecurity LLC today announced acceptance into…
Sentient.xyz – GoDaddy customer – (Singapore) The .xyz community includes developers building AI infrastructure aimed…
This website uses cookies.