UEFI Management Mode Vulnerability in NVIDIA Jetson Linux
CVE-2025-23270

7.1HIGH

Key Information:

Vendor: Nvidia
Status: Jetson Orin, Igx Orin And Xavier Devices
Vendor: CVE Published:; 17 July 2025

What is CVE-2025-23270?

NVIDIA Jetson Linux is susceptible to a vulnerability in UEFI Management mode, which allows unprivileged local attackers to exploit a side channel, potentially exposing sensitive information. If leveraged successfully, this flaw could result in unauthorized code execution, data manipulation, denial of service, and the disclosure of confidential data, posing a significant risk to system integrity and confidentiality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jetson Orin, IGX Orin and Xavier Devices Jetson Linux NVIDIA Jetson Orin Series All versions prior to JP5.x: 35.6.2

Jetson Orin, IGX Orin and Xavier Devices Jetson Linux NVIDIA Jetson Orin Series All versions prior to JP6.x: 36.4.4

Jetson Orin, IGX Orin and Xavier Devices Jetson Linux NVIDIA Xavier Series All versions prior to JP5.x: 35.6.2

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5662

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 17, 2025
Vulnerability Reserved
Jan 14, 2025

JSON

Nvidia

What is CVE-2025-23270?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.