Information Disclosure and Denial of Service in NVIDIA Mellanox DPDK Poll Mode Driver
CVE-2025-23259

6.5 MEDIUM

What is CVE-2025-23259?

CVE-2025-23259 is a vulnerability discovered in the NVIDIA Mellanox Data Plane Development Kit (DPDK) Poll Mode Driver (PMD), which is utilized for high-performance network data processing. This vulnerability allows an attacker operating within a virtual machine to exploit the system, potentially leading to severe consequences such as information disclosure and denial of service (DoS) affecting the network interface. The flaw primarily arises from improper handling of certain inputs, which can cause unintended access to sensitive information and disrupt network operations, ultimately jeopardizing the overall security and reliability of affected organizations’ network infrastructure.

Potential impact of CVE-2025-23259

  1. Information Disclosure: Exploitation of this vulnerability can enable attackers to gain unauthorized access to sensitive information that may be traversing the network interfaces managed by the DPDK PMD. This could lead to the exposure of confidential data and strategic insights critical for business operations.

  2. Denial of Service: The vulnerability can lead to denial of service conditions, where the network interface becomes unresponsive due to malicious input. This disruption can significantly affect the availability of network resources, impairing an organization’s ability to conduct business transactions and maintain operations.

  3. Increased Attack Surface: By allowing an attacker within a virtual machine to exploit this vulnerability, it increases the potential attack surface for adversaries, making it easier for them to launch further attacks or compromise additional systems within the network, thereby amplifying the overall security risk for organizations relying on affected NVIDIA technologies.

Affected Version(s)

Mellanox DPDK 20.11 Any-20.11_7 All versions prior to 20.11_7.8.0 LTS

Mellanox DPDK 22.11 Any-22.11_2310 All versions prior to 22.11_2310 LTS

Mellanox DPDK 22.11 Any-22.11_2410 All versions prior to 22.11_2410 LTS

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
