NVIDIA has issued critical software patches addressing 13 newly disclosed vulnerabilities in its product lines, particularly affecting BlueField, ConnectX, and Megatron Bridge platforms. Some vulnerabilities, such as CVE-2025-23351, could allow local attackers to execute arbitrary code, necessitating immediate security updates to protect enterprise networks. Securing these devices is crucial, as they manage large data traffic and could risk complete device compromise if exploited.
The vulnerabilities carry CVSS scores indicating high severity, underscoring the urgency for administrators to implement the required patches. Currently, no public exploits have been confirmed for these vulnerabilities, and affected products include various generations of BlueField data processing units and ConnectX network adapters.