NVIDIA Product Security Update Advisory
Overview
We have released security updates to fix vulnerabilities in NVIDIA products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-23256
BlueField GA Version: 45.1020 and earlier
BlueField LTS22 Version: 35.4554 and earlier
BlueField LTS23 Version: less than 39.5050
BlueField LTS24 Version: less than 43.3608
CVE-2025-23257
NVIDIA DOCA with collectx-clxapidev Version: 2.9.0 or higher but less than 2.9.3
NVIDIA DOCA with collectx-clxapidev Version: 2.10.0 Full Version
CVE-2025-23258
NVIDIA DOCA with collectx-dpeserver Version: 2.5.0 or later but earlier than 2.5.4
NVIDIA DOCA with collectx-dpeserver Version: 2.9.0 or later but earlier than 2.9.3
NVIDIA DOCA with collectx-dpeserver Version: 2.10.0 Full Version
Resolved Vulnerabilities
Incorrect Authorization Validation Vulnerability in the NVIDIA BlueField Management Interface (CVE-2025-23256)
Privilege escalation vulnerability in the NVIDIA DOCA collectx-clxapidev package (CVE-2025-23257)
Privilege escalation vulnerability in the NVIDIA DOCA collectx-dpeserver package (CVE-2025-23258)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced site to update to the patched version listed below for your product.
CVE-2025-23256
BlueField GA Version: 45.1020
BlueField LTS22 Version: 35.4554
BlueField LTS23 Version: 39.5050
BlueField LTS24 Version: 43.3608
CVE-2025-23257
NVIDIA DOCA with collectx-clxapidev Version: 2.9.3
NVIDIA DOCA with collectx-clxapidev Version: 3.0.0
CVE-2025-23258
NVIDIA DOCA with collectx-dpeserver Version: 2.5.4
NVIDIA DOCA with collectx-dpeserver Version: 2.9.3
NVIDIA DOCA with collectx-dpeserver Version: 3.0.0
References
[1] Security Bulletin: NVIDIA Bluefield, ConnectX, DOCA, Mellanox DPDK, Cumulus Linux and NVOS – September 2025
https://nvidia.custhelp.com/app/answers/detail/a_id/5655