Sensitive Data Exposure in NVIDIA Cumulus Linux and NVOS Products
CVE-2025-23261

5.5MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvos; Cumulus Linux
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-23261?

NVIDIA's Cumulus Linux and NVOS products exhibit a security flaw whereby hashed user passwords are improperly handled in log files. This oversight could allow unauthorized access to sensitive information, creating a potential for data breaches. Organizations using these products should prioritize implementing remediation measures to secure their systems against unauthorized information disclosure.

Affected Version(s)

Cumulus Linux Cumulus Linux Cumulus Linux 5.12, 5.11, 5.10, 5.9 and older

NVOS IBSwitch NVOS 25.02.3xxx

NVOS NVSwitch NVOS 25.02.21xx, 25.02.22xx, 25.02.23xx

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23261

https://www.cve.org/CVERecord?id=CVE-2025-23261

https://nvidia.custhelp.com/app/answers/detail/a_id/5655

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Jan 14, 2025

Nvidia

What is CVE-2025-23261?

Affected Version(s)

References

CVSS V3.1

Timeline