CVE-2025-23256

HIGH8.7Auth bypass

Description

NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

High

Availability

High

Affected products

NVIDIA / BlueField GAAll versions prior to 45.1020 – All versions prior to 45.1020
NVIDIA / BlueField LTS22All versions prior to 35.4554 – All versions prior to 35.4554
NVIDIA / BlueField LTS23All versions prior to 39.5050 – All versions prior to 39.5050
NVIDIA / BlueField LTS24All versions prior to 43.3608 – All versions prior to 43.3608

References

CONFIRMhttps://nvd.nist.gov/vuln/detail/CVE-2025-23256
CONFIRMhttps://www.cve.org/CVERecord?id=CVE-2025-23256
MISChttps://nvidia.custhelp.com/app/answers/detail/a_id/5655