InfoSecBulletin Cybersecurity for mankind
NVIDIA has issued important software updates to fix vulnerabilities in its BlueField DPUs, DOCA software, Mellanox DPDK, ConnectX network adapters, Cumulus Linux, and NVOS products. Many of these issues have high to critical severity and can lead to privilege escalation, denial of service, or information disclosure.
The most severe vulnerability, CVE-2025-23256, affects the NVIDIA BlueField management interface. According to NVIDIA, “an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.”
Microsft warns of active directory and office vulnarabilty
(CVE-2025-10159)
Sophos Addressed Critical Auth Bypass flaw in Wireless Access Points
1.6M fitness phone call recordings exposed online
Microsoft September Patch Tuesday 2025 fixes 81 flaws, two zero-days
Elastic Security Incident : Hackers Accessed Email Account Contains Valid Credentials
Hacker Exploit Amazon SES to Send 50K Phishing Emails
SafePay Ransomware
SafePay Ransomware Attacks 73 Orgs in a Single Month
Bangladesh Cyber Threat Landscape- 2024
602 Vuln exploited: Afftected daily 905 IP In Bangladesh in 2024
AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack
ISC2 Aims to Bridge DFIR Skill Gap with New Certificate
New patches for BlueField-2 and BlueField-3 are now available, including versions 45.1020, 35.4554 (LTS22), 39.5050 (LTS23), and 43.3608 (LTS24).
Two privilege escalation vulnerabilities (CVE-2025-23257 & CVE-2025-23258) affect NVIDIA DOCA’s Debian packages (collectx-clxapidev and collectx-dpeserver). Both carry a CVSS score of 7.3 and could allow an actor with low privileges to escalate their access. These vulnerabilities could potentially allow attackers to gain elevated privileges on affected systems. It is crucial for users to apply the necessary updates as soon as possible to mitigate any security risks.
NVIDIA confirmed: “A successful exploit of this vulnerability might lead to escalation of privileges.” Patches are available in versions DOCA 2.9.3, 2.5.4, and 3.0.0 depending on the affected package.
Another flaw (CVE-2025-23259) impacts the Mellanox DPDK Poll Mode Driver (PMD). NVIDIA warns that “an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface.”
The issue has been fixed in DPDK versions 22.11_2504.1.0 GA and several long-term support versions (22.11.10 LTS, 24.11.3 LTS, etc.).
A vulnerability (CVE-2025-23262) in NVIDIA ConnectX adapters resembles the BlueField issue, enabling local attackers to bypass authorization and alter configuration data. This could result in privilege escalation, denial of service, or data manipulation.
Updates for ConnectX-5, 6, 7, and 8 adapters are available with patched builds in both GA and LTS branches.
Finally, a less severe but still notable issue (CVE-2025-23261) affects NVIDIA Cumulus Linux and NVOS products. NVIDIA disclosed: “Hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users.”
Fixes are in Cumulus Linux 5.13, NVOS 25.02.42xx (NVSwitch), and 25.02.4xxx (IBSwitch).
Android Alert: Google Patches 120 Flaws, Two Zero-Days Under Attack
