Vulnerability intelligence
CVE-2025-23351
NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
CVSS Score
9
Critical
EPSS — Exploit Probability
0.0%
Riskier than 0% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
unknown
Check vendor advisories
1 article across 1 outlet · first covered Jul 1, 2026 · latest Jul 1, 2026
Coverage timeline
-
NVIDIA patches 13 flaws, including local code exec in BlueFieldsecurityonline.info · Jul 1, 2026