CVE-2025-23350

CRITICAL

Nvidia BlueField GA - Out-of-bounds Write

Title source: rule
STIX 2.1

Description

NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.

Scores

CVSS v3 9.0
EPSS 0.0027
EPSS Percentile 18.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (8)
NVIDIA/BlueField GA All versions prior to 46.3008
NVIDIA/BlueField LTS22 All versions prior to 35.8002
NVIDIA/BlueField LTS23 All versions prior to 39.8002
NVIDIA/BlueField LTS24 All versions prior to 43.8002
NVIDIA/ConnectX GA All versions prior to 46.3008
NVIDIA/ConnectX LTS22 All versions prior to 35.8002
NVIDIA/ConnectX LTS23 All versions prior to 39.8002
NVIDIA/ConnectX LTS24 All versions prior to 43.8002
Published Jul 01, 2026
Tracked Since Jul 01, 2026