CVE-2025-23261 - Vulnerability Details

Description

NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users.

Published: 2025-09-04

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

NVIDIA

NVOS

unaffected

Version	Status	Constraints
`NVOS 25.02.21xx, 25.02.22xx, 25.02.23xx`	affected	—

NVIDIA

Cumulus Linux

unaffected

Version	Status	Constraints
`Cumulus Linux 5.12, 5.11, 5.10, 5.9 and older`	affected	—

NVIDIA

NVOS

unaffected

Version	Status	Constraints
`NVOS 25.02.3xxx`	affected	—

No data.

Vendor	Product	Confidence	Versions
Nvidia	Cumulus Linux	—	—
Nvidia	Nvs	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-26731	NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2025-23261
https://nvidia.custhelp.com/app/answers/detail/a_id/5655
https://www.cve.org/CVERecord?id=CVE-2025-23261

History

Fri, 05 Sep 2025 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nvidia Nvidia cumulus Linux Nvidia nvs
Vendors & Products		Nvidia Nvidia cumulus Linux Nvidia nvs

Thu, 04 Sep 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 04 Sep 2025 16:00:00 +0000

Type	Values Removed	Values Added
Description		NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users.
Weaknesses		CWE-532
References		https://nvd.nist.gov/vuln/detail/CVE-2025-23261 https://nvidia.custhelp.com/app/answers/detail/a_id/5655 https://www.cve.org/CVERecord?id=CVE-2025-23261
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}`

Subscriptions

Nvidia Cumulus Linux Nvs

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2025-09-04T15:52:20.450Z

Updated: 2025-09-04T18:57:43.632Z

Reserved: 2025-01-14T01:06:22.263Z

Link: CVE-2025-23261

Vulnrichment

Updated: 2025-09-04T18:51:32.881Z

NVD

Status : Awaiting Analysis

Published: 2025-09-04T16:15:34.487

Modified: 2025-09-05T17:47:24.833

Link: CVE-2025-23261

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-09-05T14:02:38Z

Weaknesses

CWE-532

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object