Privilege Escalation Vulnerability in NVIDIA DOCA
CVE-2025-23257

7.3HIGH

Key Information:

Vendor: Nvidia
Status: Nvidia Doca With Collectx-clxapidev
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-23257?

The NVIDIA DOCA platform contains a vulnerability in the collectx-clxapidev Debian package that allows a low-privileged actor to escalate their privileges. If exploited successfully, this vulnerability can enable unauthorized users to gain elevated access, leading to potential system compromise. This poses a significant risk to system integrity and requires immediate attention for affected users to mitigate potential exploitation.

Affected Version(s)

NVIDIA DOCA with collectx-clxapidev Linux – Debian based-2.10 All 2.10 versions

NVIDIA DOCA with collectx-clxapidev Linux – Debian based-2.9 All 2.9 versions prior to 2.9.3

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23257

https://www.cve.org/CVERecord?id=CVE-2025-23257

https://nvidia.custhelp.com/app/answers/detail/a_id/5655

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Jan 14, 2025

Nvidia

What is CVE-2025-23257?

Affected Version(s)

References

CVSS V3.1

Timeline