UEFI Management Mode Vulnerability in NVIDIA Jetson Linux
CVE-2025-23270

7.1 HIGH

Key Information:

Vendor: Nvidia
CVE Published: 17 July 2025

What is CVE-2025-23270?

NVIDIA Jetson Linux is susceptible to a vulnerability in UEFI Management mode, which allows unprivileged local attackers to exploit a side channel, potentially exposing sensitive information. If leveraged successfully, this flaw could result in unauthorized code execution, data manipulation, denial of service, and the disclosure of confidential data, posing a significant risk to system integrity and confidentiality.

Affected Version(s)

  • Jetson Orin, IGX Orin and Xavier Devices | Jetson Linux | NVIDIA Jetson Orin Series | All versions prior to JP5.x: 35.6.2

  • Jetson Orin, IGX Orin and Xavier Devices | Jetson Linux | NVIDIA Jetson Orin Series | All versions prior to JP6.x: 36.4.4

  • Jetson Orin, IGX Orin and Xavier Devices | Jetson Linux | NVIDIA Xavier Series | All versions prior to JP5.x: 35.6.2

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
