CVE-2025-23299

Description

NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code.

CVSS breakdown

Affected products

• NVIDIA / BlueField GAAll versions prior to 46.1006 – All versions prior to 46.1006
• NVIDIA / BlueField LTS22All versions prior to 35.4554 – All versions prior to 35.4554
• NVIDIA / BlueField LTS23All versions prior to 39.5050 – All versions prior to 39.5050
• NVIDIA / BlueField LTS24All versions prior to 43.3608 – All versions prior to 43.3608
• NVIDIA / ConnectX-4 LXAll versions prior to 32.1908 – All versions prior to 32.1908
• NVIDIA / ConnectX GAAll versions prior to 46.1006 – All versions prior to 46.1006
• NVIDIA / ConnectX LTS22All versions prior to 35.4554 – All versions prior to 35.4554
• NVIDIA / ConnectX LTS23All versions prior to 39.5050 – All versions prior to 39.5050
• NVIDIA / ConnectX LTS24All versions prior to 43.3608 – All versions prior to 43.3608

References

• CONFIRMhttps://nvd.nist.gov/vuln/detail/CVE-2025-23299
• CONFIRMhttps://www.cve.org/CVERecord?id=CVE-2025-23299
• MISChttps://nvidia.custhelp.com/app/answers/detail/a_id/5684