๐Ÿ” CVE Alert

CVE-2025-23350

CRITICAL 9.0
CVSS Score
9.0
EPSS Score
0.0%
EPSS Percentile
0th

NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.

CWE CWE-787
Vendor nvidia
Product bluefield ga
Published Jul 1, 2026
Last Updated Jul 1, 2026
Stay Ahead of the Next One

Get instant alerts for nvidia bluefield ga

Be the first to know when new critical vulnerabilities affecting nvidia bluefield ga are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

NVIDIA / BlueField GA
All versions prior to 46.3008
NVIDIA / BlueField LTS22
All versions prior to 35.8002
NVIDIA / BlueField LTS23
All versions prior to 39.8002
NVIDIA / BlueField LTS24
All versions prior to 43.8002
NVIDIA / ConnectX GA
All versions prior to 46.3008
NVIDIA / ConnectX LTS22
All versions prior to 35.8002
NVIDIA / ConnectX LTS23
All versions prior to 39.8002
NVIDIA / ConnectX LTS24
All versions prior to 43.8002

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
nvd.nist.gov: https://nvd.nist.gov/vuln/detail/CVE-2025-23350 cve.org: https://www.cve.org/CVERecord?id=CVE-2025-23350 github.com: https://github.com/NVIDIA/product-security/tree/main/2026/5699