Nvidia security vulnerabilities: AI and network technology gateway for attackers

Security updates close gaps in Nvidia's AI platforms DGX and HGX, among others.


Nvidia's AI and network technology BlueField, ConnectX, Cumulus Linux, DGX, DOCA, HGX and Mellanox DPDK are vulnerable. In most cases, attackers can gain higher user rights after successful attacks. So far there are no reports of ongoing attacks. Security patches are available.

According to a warning message (https://nvidia.custhelp.com/app/answers/detail/a_id/5655), a vulnerability (CVE-2025-23256, risk "high") in BlueField is the most dangerous. Among other things, attackers can manipulate data here. To achieve this, however, they must have local access to the management interface. If this is the case, they can use broken authentication to gain unauthorized access and manipulate the system configuration. It is not yet clear how such attacks could actually take place.

Attackers can use the vulnerabilities in DOCA (CVE-2025-23257 "high", CVE-2025-23258 "high") to gain higher user rights. For this to work, however, they must already have low rights. DoS attacks are possible on Mellanox DPDK, ConnectX and Cumulus Linux, among others. If such an attack succeeds, services crash. Attackers can also access data that is actually sealed off. DGX and HGX are also vulnerable to DoS attacks.

It is beyond the scope of this report to list all security patches. Nvidia has listed them in its warning messages. To prevent possible attacks, admins should ensure that their systems are up to date.

The developers at Nvidia recently closed several security gaps in AI software such as Apex and Megatron LM.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.