NVIDIA HGX and DGX Misconfiguration Vulnerability
CVE-2025-23302

4.2MEDIUM

Key Information:

Vendor: Nvidia
Status: Hgx, Dgx Hopper; Hgx, Dgx Blackwell
Vendor: CVE Published:; 4 September 2025

What is CVE-2025-23302?

NVIDIA HGX and DGX systems are affected by a misconfiguration vulnerability that permits an unsafe debug access level due to improper setup of the LS10 component. This flaw can be exploited by attackers, potentially leading to service disruption as they gain unauthorized access to critical debugging features. Organizations leveraging these products should assess their configurations to mitigate possible threats and ensure the integrity of their systems.

Affected Version(s)

HGX, DGX Blackwell LS10 All versions prior to and including 1.2.0

HGX, DGX Hopper LS10 All versions prior to and including 1.7.1

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23302

https://www.cve.org/CVERecord?id=CVE-2025-23302

https://nvidia.custhelp.com/app/answers/detail/a_id/5674

CVSS V3.1

Score:

4.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2025
Vulnerability Reserved
Jan 14, 2025

Nvidia

What is CVE-2025-23302?

Affected Version(s)

References

CVSS V3.1

Timeline