
CVE-2025-23350: NVIDIA ConnectX/BlueField RCE Vulnerability

CVE-2025-23350 is an RCE vulnerability in NVIDIA ConnectX and BlueField devices caused by improper input validation in the command interface. Attackers with VF access can execute arbitrary code on affected devices.

Published:

CVE-2025-23350 Overview

CVE-2025-23350 affects NVIDIA ConnectX network adapters and BlueField data processing units (DPUs). The vulnerability resides in the device command interface, where a local user with virtual function (VF) access can trigger an out-of-bounds write via crafted input. Successful exploitation can lead to arbitrary code execution on the device itself, compromising the network hardware plane beneath the host operating system. The flaw is tracked under [CWE-787] (Out-of-bounds Write) and carries a critical CVSS 3.1 base score of 9.0. Because ConnectX and BlueField are widely deployed in data centers, cloud providers, and high-performance computing clusters, the vulnerability creates risk for multi-tenant infrastructure where VFs are exposed to untrusted guests.

Critical Impact

A local attacker with virtual function access can execute arbitrary code on ConnectX and BlueField devices, breaching the isolation boundary between guest VMs and network hardware.

Affected Products

  • NVIDIA ConnectX network adapters
  • NVIDIA BlueField data processing units (DPUs)
  • Deployments exposing SR-IOV virtual functions to guest workloads

Discovery Timeline

  • 2026-07-01 - CVE-2025-23350 published to NVD
  • 2026-07-01 - Last updated in NVD database

Technical Details for CVE-2025-23350

Vulnerability Analysis

The vulnerability is an out-of-bounds write in the command interface used to configure and control NVIDIA ConnectX and BlueField devices. The command interface accepts structured input from the host and from virtual functions assigned to guests through Single Root I/O Virtualization (SR-IOV). When a local user with VF access submits crafted input, the interface writes data beyond the intended buffer boundary. That write can corrupt adjacent device memory or control structures, giving the attacker a path to arbitrary code execution on the network device. Because the CVSS vector rates the scope as Changed (S:C), successful exploitation reaches beyond the vulnerable component and can affect the host or neighboring tenants sharing the physical adapter.

Root Cause

The root cause is missing or insufficient validation of length and offset fields in command interface messages processed by the device firmware. The command handler trusts attacker-influenced size or index values, then performs a write operation without enforcing buffer bounds. This is a classic [CWE-787] pattern where sanitization fails at a trust boundary between a lower-privileged principal (a VF-owning guest) and privileged device firmware.

Attack Vector

Exploitation requires local access with VF privileges over an adjacent network path. In practice, this maps to a guest VM or container that has been granted a virtual function on a shared ConnectX or BlueField device. The attacker crafts malformed commands on the device command channel, triggers the out-of-bounds write, and gains code execution on the adapter or DPU. From that foothold, the attacker can pivot to intercept network traffic, undermine host isolation, or persist below the operating system. See the NVIDIA Product Security advisory for authoritative technical details.

Detection Methods for CVE-2025-23350

Indicators of Compromise

  • Unexpected device resets, firmware crashes, or command interface errors logged by ConnectX or BlueField drivers.
  • Anomalous traffic patterns originating from a network adapter that bypass host-level firewall or eBPF policy.
  • Guest VMs with SR-IOV VFs issuing high volumes of malformed or vendor-specific management commands.

Detection Strategies

  • Monitor host kernel logs for mlx5_core command completion errors, syndrome codes, and firmware assertion messages.
  • Baseline the volume and type of privileged commands issued through the VF command channel and alert on deviations.
  • Correlate guest VM activity with hypervisor-level device telemetry to identify tenants abusing VF access.
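The first two detection strategies above can be implemented as a small log parser. The following is an added example, not code from the page or from NVIDIA: it extracts mlx5_core command-completion errors (opcode, status, syndrome) and firmware health messages from kernel log text, counts errors per PCI function, and flags devices that exceed a per-deployment baseline. The sample log lines are constructed and only modelled on the style of mlx5_core messages; the exact wording, function names and the threshold of 3 are assumptions to tune against your own hosts.

```python
import re
from collections import Counter

# Constructed sample lines (not real captures), modelled on the style of
# mlx5_core command-error and health messages in the Linux kernel log. The
# exact wording, function names and line numbers vary by kernel version,
# so the regexes below should be checked against your own hosts' logs.
SAMPLE_LOG = """\
[  120.114] mlx5_core 0000:03:00.1: mlx5_cmd_out_err:806:(pid 4211): SET_HCA_CAP(0x109) op_mod(0x0) failed, status bad parameter(0x3), syndrome (0x5a3e0c), err(-22)
[  120.115] mlx5_core 0000:03:00.1: mlx5_cmd_out_err:806:(pid 4211): MODIFY_NIC_VPORT_CONTEXT(0x755) op_mod(0x0) failed, status bad parameter(0x3), syndrome (0x5a3e0c), err(-22)
[  120.116] mlx5_core 0000:03:00.1: mlx5_cmd_out_err:806:(pid 4211): MODIFY_NIC_VPORT_CONTEXT(0x755) op_mod(0x1) failed, status bad parameter(0x3), syndrome (0x5a3e0c), err(-22)
[  121.002] mlx5_core 0000:03:00.0: firmware version: 22.36.1010
[  125.400] mlx5_core 0000:03:00.1: mlx5_cmd_out_err:806:(pid 4211): ALLOC_UAR(0x802) op_mod(0x0) failed, status bad resource(0x5), syndrome (0x1c7e2f), err(-22)
[  130.771] mlx5_core 0000:03:00.0: print_health_info:420:(pid 0): synd 0x1: firmware internal error
[  130.772] mlx5_core 0000:03:00.0: mlx5_health_try_recover:336:(pid 88): handling bad device here
"""

# PCI function address as it appears after the driver name (domain:bus:slot.func)
PCI = r"(?P<dev>[0-9a-f]{4}:[0-9a-f]{2}:[0-9a-f]{2}\.[0-7])"

# Command-completion error: OPCODE(0x..) op_mod(0x..) failed, status <text>(0x..), syndrome (0x..)
CMD_ERR = re.compile(
    r"mlx5_core " + PCI + r":.*?"
    r"(?P<op>[A-Z][A-Z0-9_]*)\((?P<opcode>0x[0-9a-f]+)\) op_mod\(0x[0-9a-f]+\) failed, "
    r"status (?P<status>[^(]+)\((?P<status_code>0x[0-9a-f]+)\), "
    r"syndrome \((?P<syndrome>0x[0-9a-f]+)\)"
)

# Firmware health / recovery messages (phrases are assumptions, extend as needed)
HEALTH = re.compile(
    r"mlx5_core " + PCI + r":.*?(?P<what>firmware internal error|handling bad device|FW health)"
)


def parse_cmd_errors(log_text):
    """Return one dict per command-completion error found in the log text."""
    events = []
    for line in log_text.splitlines():
        m = CMD_ERR.search(line)
        if m:
            events.append({
                "device": m.group("dev"),
                "op": m.group("op"),
                "opcode": int(m.group("opcode"), 16),
                "status": m.group("status").strip(),
                "status_code": int(m.group("status_code"), 16),
                "syndrome": int(m.group("syndrome"), 16),
            })
    return events


def parse_health_events(log_text):
    """Return (device, message) pairs for firmware health / recovery messages."""
    found = []
    for line in log_text.splitlines():
        m = HEALTH.search(line)
        if m:
            found.append((m.group("dev"), m.group("what")))
    return found


def flag_noisy_devices(events, threshold):
    """Devices whose command-error count meets or exceeds the threshold.

    The threshold is a per-deployment baseline (an assumption here); a healthy
    VF normally produces few or no 'bad parameter' completions.
    """
    counts = Counter(e["device"] for e in events)
    return {dev: n for dev, n in counts.items() if n >= threshold}


def summarise(log_text, threshold=3):
    """Combine both signals into one record suitable for forwarding to a SIEM."""
    events = parse_cmd_errors(log_text)
    return {
        "cmd_errors": len(events),
        "bad_parameter_errors": sum(1 for e in events if e["status_code"] == 0x3),
        "noisy_devices": flag_noisy_devices(events, threshold),
        "health_events": parse_health_events(log_text),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarise(SAMPLE_LOG), indent=2))
```

On a real host, feed it the output of `dmesg` or `journalctl -k` instead of `SAMPLE_LOG`; the per-device counts are what you correlate with the hypervisor's record of which guest owns the VF behind that PCI function.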

Monitoring Recommendations

  • Ingest hypervisor, host, and DPU telemetry into a centralized SIEM or data lake for cross-layer correlation.
  • Track NVIDIA firmware versions across the fleet and alert on hosts running unpatched ConnectX or BlueField images.
  • Enable audit logging for SR-IOV VF assignment and revocation events on hypervisors.

How to Mitigate CVE-2025-23350

Immediate Actions Required

  • Inventory all ConnectX and BlueField devices, capturing firmware version and SR-IOV configuration.
  • Apply the firmware update published in the NVIDIA Product Security advisory as soon as it is available for your model.
  • Restrict VF assignment to trusted workloads until patches are deployed across the fleet.
  • Review multi-tenant hosts for guests that hold VFs and evaluate whether that access is still required.

Patch Information

NVIDIA has published guidance and updated firmware for affected ConnectX and BlueField products through its product security repository. Consult the NVIDIA advisory for CVE-2025-23350 and the NVD entry for the current list of fixed firmware versions and update procedures.

Workarounds

  • Disable SR-IOV on affected adapters where VFs are not strictly required for workload performance.
  • Limit VF exposure to trusted management domains and avoid passing VFs directly to untrusted guest tenants.
  • Enforce hypervisor-level controls that restrict which guests can issue device management commands.
```bash
# Example: disable SR-IOV virtual functions on an affected ConnectX interface
# (replace <ifname> with the physical function's network interface name)
echo 0 | sudo tee /sys/class/net/<ifname>/device/sriov_numvfs

# Verify current firmware version before and after patching
# (replace <pci_bus_id> with the physical function's PCI bus address)
sudo mstflint -d <pci_bus_id> query | grep -i FW
```
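The inventory and workaround steps above (capture firmware version and SR-IOV configuration, then tear down VFs where they are not needed) can be scripted across a fleet. The following is an added example, not the page's or NVIDIA's own tooling: it walks a `/sys/class/net`-style tree, keeps only functions with the Mellanox PCI vendor ID `0x15b3`, records VF counts and firmware version, and lists interfaces that both expose VFs and run firmware below a stated fixed version. The `infiniband/<ibdev>/fw_ver` location and the `MIN_FIXED_FW` value are assumptions; the real fixed versions come from the NVIDIA advisory, and the sample tree used in testing is constructed.

```python
import os
from pathlib import Path

MELLANOX_VENDOR_ID = 0x15b3  # PCI vendor ID of NVIDIA/Mellanox ConnectX and BlueField functions

# PLACEHOLDER: the fixed firmware versions are listed in the NVIDIA advisory
# and the NVD entry; replace this assumed value before relying on the report.
MIN_FIXED_FW = (99, 99, 9999)


def _read(path, default=None):
    """Read a single-line sysfs attribute, returning default if it is absent."""
    try:
        return Path(path).read_text().strip()
    except OSError:
        return default


def parse_fw_version(text):
    """'22.36.1010' -> (22, 36, 1010); None if the text is missing or malformed."""
    if not text:
        return None
    parts = text.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def inventory(net_root="/sys/class/net"):
    """Inventory NVIDIA/Mellanox NICs under a /sys/class/net-style tree.

    Layout assumed (sriov_numvfs/sriov_totalvfs/vendor are standard PCI sysfs
    attributes; the infiniband/<ibdev>/fw_ver path is an assumption to verify):
      <net_root>/<ifname>/device/vendor
      <net_root>/<ifname>/device/sriov_numvfs
      <net_root>/<ifname>/device/sriov_totalvfs
      <net_root>/<ifname>/device/infiniband/<ibdev>/fw_ver
    """
    devices = []
    for ifname in sorted(os.listdir(net_root)):
        dev = Path(net_root) / ifname / "device"
        vendor = _read(dev / "vendor")
        if vendor is None or int(vendor, 16) != MELLANOX_VENDOR_ID:
            continue  # not a ConnectX/BlueField function
        fw = None
        ib_dir = dev / "infiniband"
        if ib_dir.is_dir():
            for ibdev in sorted(os.listdir(ib_dir)):
                fw = parse_fw_version(_read(ib_dir / ibdev / "fw_ver"))
                if fw:
                    break
        devices.append({
            "ifname": ifname,
            "numvfs": int(_read(dev / "sriov_numvfs", "0") or 0),
            "totalvfs": int(_read(dev / "sriov_totalvfs", "0") or 0),
            "fw": fw,
        })
    return devices


def at_risk(devices, min_fixed_fw=MIN_FIXED_FW):
    """Interfaces that expose VFs and run firmware below the fixed version.

    Unknown firmware is treated as unpatched so it is never silently skipped.
    """
    return [d["ifname"] for d in devices
            if d["numvfs"] > 0 and (d["fw"] is None or d["fw"] < min_fixed_fw)]


def disable_vfs(net_root, ifname):
    """The page's workaround: write 0 to sriov_numvfs to tear down the VFs.

    Needs root on a real host; parametrised on net_root so it can be exercised
    against a constructed tree. Returns True if the attribute now reads 0.
    """
    path = Path(net_root) / ifname / "device" / "sriov_numvfs"
    path.write_text("0\n")
    return _read(path) == "0"


if __name__ == "__main__":
    devs = inventory()
    for d in devs:
        print(d)
    print("at risk:", at_risk(devs))
```

Run it as root on each hypervisor and ship the output to the same store as the VF assignment audit log; the `at_risk` list is the set of interfaces where `disable_vfs` (or reassignment away from untrusted tenants) is warranted until the firmware update lands.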

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
