All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2025-23350
CRITICALpublished 2026-07-01 16:16 UTC · 3 days ago · modified 2026-07-01 18:32 UTC
9.0
CVSS / 10
// description
NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
// weaknesses (CWE)
- CWE-787