{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-23270", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2025-01-14T01:06:23.292Z", "datePublished": "2025-07-17T19:59:24.528Z", "dateUpdated": "2025-07-17T20:21:39.590Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Jetson Linux", "IGX OS"], "product": "Jetson Orin, IGX Orin and Xavier Devices", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "NVIDIA Jetson Orin Series All versions prior to JP5.x: 35.6.2"}, {"status": "affected", "version": "NVIDIA Jetson Orin Series All versions prior to JP6.x: 36.4.4"}, {"status": "affected", "version": "NVIDIA Xavier Series All versions prior to JP5.x: 35.6.2"}, {"status": "affected", "version": "IGX Orin All versions prior to IGX 1.1.2"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."}], "value": "NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Code execution, data tampering, denial of service, information disclosure"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-392", "description": "CWE-392: Missing Report of Error Condition", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2025-07-17T19:59:24.528Z"}, "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5662"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-17T20:21:29.502391Z", "id": "CVE-2025-23270", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-17T20:21:39.590Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-23270", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-17T20:21:29.502391Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-17T20:21:36.271Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Code execution, data tampering, denial of service, information disclosure"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "PHYSICAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "Jetson Orin, IGX Orin and Xavier Devices", "versions": [{"status": "affected", "version": "NVIDIA Jetson Orin Series All versions prior to JP5.x: 35.6.2"}, {"status": "affected", "version": "NVIDIA Jetson Orin Series All versions prior to JP6.x: 36.4.4"}, {"status": "affected", "version": "NVIDIA Xavier Series All versions prior to JP5.x: 35.6.2"}, {"status": "affected", "version": "IGX Orin All versions prior to IGX 1.1.2"}], "platforms": ["Jetson Linux", "IGX OS"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5662"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-392", "description": "CWE-392: Missing Report of Error Condition"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2025-07-17T19:59:24.528Z"}}}, "cveMetadata": {"cveId": "CVE-2025-23270", "state": "PUBLISHED", "dateUpdated": "2025-07-17T20:21:39.590Z", "dateReserved": "2025-01-14T01:06:23.292Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2025-07-17T19:59:24.528Z", "assignerShortName": "nvidia"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."}, {"lang": "es", "value": "NVIDIA Jetson Linux contiene una vulnerabilidad en el modo de administraci\u00f3n UEFI, donde un atacante local sin privilegios puede exponer informaci\u00f3n confidencial mediante una vulnerabilidad de canal lateral. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar ejecuci\u00f3n de c\u00f3digo, manipulaci\u00f3n de datos, denegaci\u00f3n de servicio y divulgaci\u00f3n de informaci\u00f3n."}], "id": "CVE-2025-23270", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 6.0, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2025-07-17T20:15:28.993", "references": [{"source": "psirt@nvidia.com", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5662"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-392"}], "source": "psirt@nvidia.com", "type": "Secondary"}]}

{}

{}