CVE-2025-23350
Critical, CVSS 9.0
Exploitation Probability (EPSS): Low risk, 19th percentile (higher than 19% of all known CVEs)
Summary
A vulnerability in the command interface of NVIDIA ConnectX and BlueField allows a local user with virtual function (VF) access to cause a write out of bounds via crafted input. Successful exploitation may lead to arbitrary code execution on the device.
Risk Assessment
A local user with VF privileges could take over the network card, which could lead to privilege escalation and compromise of the entire network infrastructure.
Recommendation
Apply the patches NVIDIA provides for affected software versions immediately, and restrict virtual function access to trusted users only.
Original NVD description (English source)
NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.

