Arbitrary Code Execution Vulnerability in NVIDIA Bluefield and ConnectX Management Interface
CVE-2025-23299

6.7MEDIUM

Key Information:

Vendor: Nvidia
Status: Bluefield Ga; Bluefield Lts22; Bluefield Lts23; Bluefield Lts24
Vendor: CVE Published:; 22 October 2025

What is CVE-2025-23299?

A vulnerability has been identified in the management interface of NVIDIA's Bluefield and ConnectX products, which may allow an attacker with high privileges to execute arbitrary code. This flaw can be exploited if an unauthorized user gains access to the management interface, enabling them to carry out malicious activities without proper authorization. It is crucial for users and organizations utilizing these NVIDIA products to ensure they are aware of the issue and implement necessary security measures to mitigate potential risks.

Affected Version(s)

BlueField GA BlueField-2 All versions prior to 46.1006

BlueField LTS22 BlueField-2 All versions prior to 35.4554

BlueField LTS23 BlueField-2 All versions prior to 39.5050

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23299

https://www.cve.org/CVERecord?id=CVE-2025-23299

https://nvidia.custhelp.com/app/answers/detail/a_id/5684

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2025
Vulnerability Reserved
Jan 14, 2025

JSON

Nvidia

What is CVE-2025-23299?

Affected Version(s)

References

CVSS V3.1

Timeline