CVE-2025-23337

NVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5692

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) NVIDIA HGX & DGX GB200, GB300, B300 contienen una vulnerabilidad en el Controlador de Gestión HGX (HMC) que podría permitir a un actor malicioso con acceso administrativo en el BMC acceder al HMC como administrador. Un exploit exitoso de esta vulnerabilidad podría conducir a la ejecución de código, denegación de servicio, escalada de privilegios, revelación de información y manipulación de datos.

17 Sep 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-17 23:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-23337

Mitre link : CVE-2025-23337

CVE.ORG link : CVE-2025-23337

JSON object : View

Products Affected

No product.

CWE

CWE-1244

Internal Asset Exposed to Unsafe Debug Access Level or State

6.7 /10