Sensitive Data Exposure in NVIDIA Cumulus Linux and NVOS Products
CVE-2025-23261

5.5MEDIUM

Key Information:

Vendor: Nvidia
Status: Nvos; Cumulus Linux
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-23261?

NVIDIA's Cumulus Linux and NVOS products exhibit a security flaw whereby hashed user passwords are improperly handled in log files. This oversight could allow unauthorized access to sensitive information, creating a potential for data breaches. Organizations using these products should prioritize implementing remediation measures to secure their systems against unauthorized information disclosure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cumulus Linux Cumulus Linux Cumulus Linux 5.12, 5.11, 5.10, 5.9 and older

NVOS IBSwitch NVOS 25.02.3xxx

NVOS NVSwitch NVOS 25.02.21xx, 25.02.22xx, 25.02.23xx

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23261

https://www.cve.org/CVERecord?id=CVE-2025-23261

https://nvidia.custhelp.com/app/answers/detail/a_id/5655

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Jan 14, 2025

JSON

Nvidia