Information Disclosure and Denial of Service in NVIDIA Mellanox DPDK Poll Mode Driver
CVE-2025-23259

6.5MEDIUM

Key Information:

Vendor: Nvidia
Status: Mellanox Dpdk 22.11; Mellanox Dpdk 20.11; Upstream Dpdk
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-23259?

A vulnerability exists in the Poll Mode Driver (PMD) of NVIDIA Mellanox DPDK that could allow an attacker operating from a virtual machine (VM) within the same system to potentially exploit the network interface. This could result in unintentional exposure of sensitive information and lead to a denial of service on the affected network interface, thereby impacting network performance and availability.

Affected Version(s)

Mellanox DPDK 20.11 Any-20.11_7 All versions prior to 20.11_7.8.0 LTS

Mellanox DPDK 22.11 Any-22.11_2310 All versions prior to 22.11_2310 LTS

Mellanox DPDK 22.11 Any-22.11_2410 All versions prior to 22.11_2410 LTS

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23259

https://www.cve.org/CVERecord?id=CVE-2025-23259

https://nvidia.custhelp.com/app/answers/detail/a_id/5655

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Jan 14, 2025

Nvidia

What is CVE-2025-23259?

Affected Version(s)

References

CVSS V3.1

Timeline