CVE-2025-23270

HIGH
Published Jul 17, 2025 Modified Apr 15, 2026 CWE-392

Description

NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.

CVSS v3.1 Score

7.1
HIGH
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Weakness Type (CWE)

CWE-392 CWE-392

References

Frequently Asked Questions

What is CVE-2025-23270? +
NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure. It has a CVSS v3.1 base score of 7.1 (HIGH).
How severe is CVE-2025-23270? +
CVE-2025-23270 has a CVSS v3.1 score of 7.1 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
How do I check if I'm vulnerable to CVE-2025-23270? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2026-42246

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a …
CVE-2025-32743 9.0

In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the …
CVE-2024-39697 8.6

phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic …
CVE-2024-12797 6.3

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server …
CVE-2025-26268 3.3

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. …
CVE-2025-59398 3.1

The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-23270 — free, no signup required.

Start Free Scan