Primary

Context

NVIDIA Cumulus Linux and NVOS Hashed Password Logging Vulnerability

Vulnerability

Patched

A vulnerability exists in NVIDIA Cumulus Linux and NVOS products, where hashed user passwords are not adequately suppressed in log files. This oversight could lead to unauthorized disclosure of information. The issue is present in Cumulus Linux versions 5.12, 5.11, 5.10, 5.9 and older, as well as NVOS 25.02.21xx, 25.02.22xx, 25.02.23xx, and 25.02.3xxx.

Impact

Exploitation of this vulnerability could result in unauthorized information disclosure.

Remediation

Users are advised to update to the latest versions of Cumulus Linux or NVOS, both of which include a fix for this vulnerability. Additionally, it is recommended to review log files for any sensitive information that may have been inadvertently logged and to ensure that logs are sanitized if extracted from the system.

Added: Sep 4, 2025, 6:18 PM

Updated: Sep 4, 2025, 6:18 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

3.5

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

3.5

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA Cumulus Linux and NVOS Hashed Password Logging Vulnerability

Vulnerability

Impact

Remediation

Affected Products

NVIDIA Cumulus Linux

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating