CVE-2025-23290

{"id": "CVE-2025-23290", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.5, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.0}]}, "published": "2025-08-02T23:15:26.780", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5670", "source": "psirt@nvidia.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. A successful exploit of this vulnerability might lead to information disclosure."}, {"lang": "es", "value": "El software NVIDIA vGPU contiene una vulnerabilidad en el Administrador de GPU Virtual (VM), donde un invitado podr\u00eda obtener m\u00e9tricas globales de la GPU que podr\u00edan verse influenciadas por el trabajo en otras m\u00e1quinas virtuales. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda resultar en la divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2025-08-04T15:06:15.833", "sourceIdentifier": "psirt@nvidia.com"}