Vendor scorecard
NVIDIA Networking
NVIDIA Networking security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: nvidia
Product families
3
Open in latest
1
Inferred — see methodology
Last disclosure
Feb 24, 2026
01
Product categories
3 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| Cumulus / Switch OSRouting & Switchingcumulus_linux, onyx, mlnx-os… | 14 | 0 | 8.2.2300MED | ||
| BlueField DPURouting & Switchingbluefield_1_firmware, bluefield_2_ga_firmware, bluefield_2_lts_firmware… | 5 | 1 | 32.38.1002LOW | ||
| ConnectX AdaptersRouting & Switchingconnectx_firmware, connectx-5, connectx-6… | 3 | 0 | 35.1012LOW |
02
Recent CVEs
12 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-33181(opens NVD record) | High | 7.3 | NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. | Feb 24, 2026 |
| CVE-2025-33180(opens NVD record) | High | 8.0 | NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. | Feb 24, 2026 |
| CVE-2025-33179(opens NVD record) | High | 8.0 | NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges. | Feb 24, 2026 |
| CVE-2024-0113(opens NVD record) | High | 7.5 | NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a vulnerability in the web support, where an attacker can cause a CGI path traversal by a specially crafted URI. A successful exploit of this vulnerability might lead to escalation of privileges and information disclosure. | Aug 12, 2024 |
| CVE-2024-0104(opens NVD record) | Medium | 4.2 | NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges. | Aug 8, 2024 |
| CVE-2024-0101(opens NVD record) | High | 7.5 | NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch. A successful exploit of this vulnerability might lead to denial of service. | Aug 8, 2024 |
| CVE-2023-31037(opens NVD record) | High | 7.2 | NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS. | Jan 24, 2024 |
| CVE-2023-25526(opens NVD record) | Medium | 6.5 | NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service. | Sep 20, 2023 |
| CVE-2023-25525(opens NVD record) | High | 7.5 | NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure. | Sep 20, 2023 |
| CVE-2023-25519(opens NVD record) | High | 7.8 | NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges. | Sep 12, 2023 |
| CVE-2023-0205(opens NVD record) | Medium | 5.0 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | Apr 22, 2023 |
| CVE-2023-0204(opens NVD record) | Medium | 6.5 | NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service. | Apr 22, 2023 |
13 CVEs · 3 product families