CVE-2025-23337_CVE-2025-23337

6.7 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

NVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Basic Information

ID CVE-2025-23337

Source nvidia

Published Sep 17, 2025 at 22:27

Affected Product

Vendor NVIDIA

Product HGX GB200, HGX GB300, HGC B300

Version GB200 1.2, GB300 0.8 dev drop, B300 0.6

Affected Versions NVIDIA HGX GB200, HGX GB300, HGC B300 GB200 1.2, GB300 0.8 dev drop, B300 0.6
NVIDIA DGX GB200, HGX GB300, HGC B300 GB200 1.2, GB300 0.8 dev drop, B300 0.6

CWE Classification

CWE-1244

References

nvidia.custhelp.com /app/answers/detail/a_id/5692

{
    "lastseen": "",
    "description": "NVIDIA HGX & DGX GB200, GB300, B300  contain a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.",
    "published": "2025-09-17T22:27:15.541Z",
    "modified": "2025-09-17T22:27:15.541Z",
    "type": "cve",
    "title": "CVE-2025-23337",
    "source": "nvidia",
    "references": "https://nvidia.custhelp.com/app/answers/detail/a_id/5692",
    "id": "CVE-2025-23337",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1244"
    ],
    "cvelist": null,
    "sourceData": "NVIDIA HGX GB200, HGX GB300, HGC B300 GB200 1.2, GB300 0.8 dev drop, B300 0.6\nNVIDIA DGX GB200, HGX GB300, HGC B300 GB200 1.2, GB300 0.8 dev drop, B300 0.6",
    "sourceHref": "",
    "cvss": {
        "score": 6.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HGX GB200, HGX GB300, HGC B300",
    "version": "GB200 1.2, GB300 0.8 dev drop, B300 0.6",
    "vendor": "NVIDIA",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}