Bluefield CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-23299	1 Nvidia	2 Bluefield, Connectx	2025-10-23	6.7 Medium
NVIDIA Bluefield and ConnectX contain a vulnerability in the management interface that could allow a malicious actor with high privilege access to execute arbitrary code.
CVE-2025-23256	1 Nvidia	4 Bluefield, Bluefield 2 Ga, Bluefield 2 Lts and 1 more	2025-09-05	8.7 High
NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.
CVE-2023-31037	1 Nvidia	4 Bluefield 2 Ga, Bluefield 2 Lts, Bluefield 3 Ga and 1 more	2025-06-09	7.2 High
NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS.
CVE-2023-25519	1 Nvidia	8 Bluefield 1, Bluefield 1 Firmware, Bluefield 2 Ga and 5 more	2024-11-21	7.8 High
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges.

Page 1 of 1.