Misconfigured VBIOS Vulnerability in NVIDIA HGX and DGX Products
CVE-2025-23301

4.2MEDIUM

Key Information:

Vendor: Nvidia
Status: Hgx, Dgx Hopper; Hgx, Dgx Blackwell
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-23301?

NVIDIA HGX and DGX systems are susceptible to a misconfiguration issue within the VBIOS, which can potentially allow an attacker to modify access levels to unsafe debug settings. If exploited, this vulnerability could lead to a denial of service, undermining system stability and availability. Proper configuration and security measures are essential to mitigate these risks.

Affected Version(s)

HGX, DGX Blackwell VBIOS All versions prior to and including 1.2.0

HGX, DGX Hopper VBIOS All versions prior to and including 1.7.1

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23301

https://www.cve.org/CVERecord?id=CVE-2025-23301

https://nvidia.custhelp.com/app/answers/detail/a_id/5674

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Jan 14, 2025

Nvidia

What is CVE-2025-23301?

Affected Version(s)

References

CVSS V3.1

Timeline