Vulnerability in NVIDIA HGX & DGX GB200 and GB300 Management Controllers
CVE-2025-23337

6.7MEDIUM

Key Information:

Vendor: Nvidia
Status: Hgx Gb200, Hgx Gb300, Hgc B300; Dgx Gb200, Hgx Gb300, Hgc B300
Vendor: CVE Published:; 17 September 2025

What is CVE-2025-23337?

A security flaw exists in the HGX Management Controller (HMC) of NVIDIA's HGX and DGX products, allowing an attacker with administrative access on the Baseboard Management Controller (BMC) to gain elevated privileges on the HMC. This vulnerability could lead to critical operational risks such as unauthorized code execution, denial of service, escalation of user privileges, and potential data tampering or inadvertent information disclosure.

Affected Version(s)

DGX GB200, HGX GB300, HGC B300 HMC GB200 1.2, GB300 0.8 dev drop, B300 0.6

HGX GB200, HGX GB300, HGC B300 HMC GB200 1.2, GB300 0.8 dev drop, B300 0.6

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5692

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 17, 2025
Vulnerability Reserved
Jan 14, 2025

Nvidia

What is CVE-2025-23337?

Affected Version(s)

References

CVSS V3.1

Timeline