CVE-2025-23270

NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 6.0

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5662

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) NVIDIA Jetson Linux contiene una vulnerabilidad en el modo de administración UEFI, donde un atacante local sin privilegios puede exponer información confidencial mediante una vulnerabilidad de canal lateral. Una explotación exitosa de esta vulnerabilidad podría provocar ejecución de código, manipulación de datos, denegación de servicio y divulgación de información.

17 Jul 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-17 20:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-23270

Mitre link : CVE-2025-23270

CVE.ORG link : CVE-2025-23270

JSON object : View

Products Affected

No product.

CWE

CWE-392

Missing Report of Error Condition

7.1 /10