Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-23259

Summary
Assigner-nvidia
Assigner Org ID-9576f279-3576-44b5-a4af-b9a8644b2de6
Published At-04 Sep, 2025 | 15:52
Updated At-04 Sep, 2025 | 18:57
Rejected At-
Credits

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver (PMD), where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:nvidia
Assigner Org ID:9576f279-3576-44b5-a4af-b9a8644b2de6
Published At:04 Sep, 2025 | 15:52
Updated At:04 Sep, 2025 | 18:57
Rejected At:
â–¼CVE Numbering Authority (CNA)

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver (PMD), where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface.

Affected Products
Vendor
NVIDIA CorporationNVIDIA
Product
Mellanox DPDK 22.11
Platforms
  • Any-22.11_2504
Default Status
unaffected
Versions
Affected
  • All versions prior to 22.11_2504.1.0
Vendor
NVIDIA CorporationNVIDIA
Product
Mellanox DPDK 22.11
Platforms
  • Any-22.11_2410
Default Status
unaffected
Versions
Affected
  • All versions prior to 22.11_2410 LTS
Vendor
NVIDIA CorporationNVIDIA
Product
Mellanox DPDK 22.11
Platforms
  • Any-22.11_2310
Default Status
unaffected
Versions
Affected
  • All versions prior to 22.11_2310 LTS
Vendor
NVIDIA CorporationNVIDIA
Product
Mellanox DPDK 20.11
Platforms
  • Any-20.11_7
Default Status
unaffected
Versions
Affected
  • All versions prior to 20.11_7.8.0 LTS
Vendor
NVIDIA CorporationNVIDIA
Product
Upstream DPDK
Platforms
  • Any-25.07
Default Status
unaffected
Versions
Affected
  • All versions prior to 25.07
Vendor
NVIDIA CorporationNVIDIA
Product
Upstream DPDK
Platforms
  • Any-24.11.3
Default Status
unaffected
Versions
Affected
  • All versions prior to 24.11.3 LTS
Vendor
NVIDIA CorporationNVIDIA
Product
Upstream DPDK
Platforms
  • Any-23.11.5
Default Status
unaffected
Versions
Affected
  • All versions prior to 23.11.5 LTS
Vendor
NVIDIA CorporationNVIDIA
Product
Upstream DPDK
Platforms
  • Any-22.11.10
Default Status
unaffected
Versions
Affected
  • All versions prior to 22.11.10 LTS
Problem Types
TypeCWE IDDescription
CWECWE-362CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Type: CWE
CWE ID: CWE-362
Description: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
N/ADenial of Service, Information Disclosure
CAPEC ID: N/A
Description: Denial of Service, Information Disclosure
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvd.nist.gov/vuln/detail/CVE-2025-23259
N/A
https://www.cve.org/CVERecord?id=CVE-2025-23259
N/A
https://nvidia.custhelp.com/app/answers/detail/a_id/5655
N/A
Hyperlink: https://nvd.nist.gov/vuln/detail/CVE-2025-23259
Resource: N/A
Hyperlink: https://www.cve.org/CVERecord?id=CVE-2025-23259
Resource: N/A
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5655
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@nvidia.com
Published At:04 Sep, 2025 | 16:15
Updated At:05 Sep, 2025 | 17:47

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver (PMD), where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-362Primarypsirt@nvidia.com
CWE ID: CWE-362
Type: Primary
Source: psirt@nvidia.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://nvd.nist.gov/vuln/detail/CVE-2025-23259psirt@nvidia.com
N/A
https://nvidia.custhelp.com/app/answers/detail/a_id/5655psirt@nvidia.com
N/A
https://www.cve.org/CVERecord?id=CVE-2025-23259psirt@nvidia.com
N/A
Hyperlink: https://nvd.nist.gov/vuln/detail/CVE-2025-23259
Source: psirt@nvidia.com
Resource: N/A
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5655
Source: psirt@nvidia.com
Resource: N/A
Hyperlink: https://www.cve.org/CVERecord?id=CVE-2025-23259
Source: psirt@nvidia.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2021-1061
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 12.50%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 15:05
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which a race condition may cause the vGPU plugin to continue using a previously validated resource that has since changed, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).

Action-Not Available
Vendor-nutanixVMware (Broadcom Inc.)NVIDIA CorporationCitrix (Cloud Software Group, Inc.)Red Hat, Inc.
Product-enterprise_linux_kernel-based_virtual_machinehypervisorvirtual_gpu_managervsphereahvNVIDIA Virtual GPU Manager
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-5967
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 11.21%
||
7 Day CHG~0.00%
Published-25 Jun, 2020 | 21:55
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Linux GPU Display Driver, all versions, contains a vulnerability in the UVM driver, in which a race condition may lead to a denial of service.

Action-Not Available
Vendor-NVIDIA CorporationCanonical Ltd.
Product-ubuntu_linuxgeforce_firmwarequadro_firmwarenvs_firmwarenvsteslaquadrogeforcetesla_firmwareNVIDIA GPU Display Driver
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-5969
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.04% / 12.50%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 22:25
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpu_managerNVIDIA vGPU Software
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2025-33235
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.34%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 17:38
Updated-02 Feb, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Resiliency Extension for Linux contains a vulnerability in the checkpointing core, where an attacker may cause a race condition. A successful exploit of this vulnerability might lead to information disclosure, data tampering, denial of service, or escalation of privileges.

Action-Not Available
Vendor-Linux Kernel Organization, IncNVIDIA Corporation
Product-nvidia_resiliency_extensionlinux_kernelResiliency Extension
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-34406
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.03% / 10.10%
||
7 Day CHG~0.00%
Published-18 Jan, 2022 | 18:05
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a specific race condition can lead to a null pointer dereference, which may lead to a system reboot.

Action-Not Available
Vendor-Google LLCNVIDIA Corporation
Product-androidshield_experienceSHIELD TV
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Details not found