NVIDIA BlueField and ConnectX Management Interface Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability has been identified in the management interface of NVIDIA BlueField and ConnectX products. This issue could enable a malicious actor with high-privilege access to execute arbitrary code. The affected versions differ by product and release channel.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of arbitrary code with high privileges on the affected system.

Remediation

Users can upgrade to version 46.1006 to address this vulnerability. For ConnectX-4 LX, version 32.1908 is available. Instructions for downloading these updates can be found on the NVIDIA Product Security page.

Added: Oct 22, 2025, 6:39 PM
Updated: Oct 22, 2025, 9:36 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 10.0
exploitability: 4.4
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.