Privilege Escalation and Denial of Service Vulnerability in NVIDIA DOCA-Host and Mellanox OFED
CVE-2025-23263

7.6 HIGH

Key Information:

Vendor: Nvidia

CVE Published: 17 July 2025

What is CVE-2025-23263?

A vulnerability in the VGT+ feature of NVIDIA DOCA-Host and Mellanox OFED can be exploited by an attacker with access to a Virtual Machine (VM). Exploitation could lead to unauthorized privilege escalation and denial of service on the VLAN, potentially affecting the integrity and availability of the system.

Affected Version(s)

DOCA-Host and Mellanox OFED Linux DOCA-Host All versions prior to 2.5.4-0.0.9

DOCA-Host and Mellanox OFED Linux DOCA-Host All versions prior to 2.9.3-0.2.2

DOCA-Host and Mellanox OFED Linux DOCA-Host All versions prior to 3.0.0-058001

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
