Vulnerability in NVIDIA HGX & DGX GB200 and GB300 Management Controllers
CVE-2025-23337

6.7MEDIUM

Key Information:

Vendor: Nvidia
Status: Hgx Gb200, Hgx Gb300, Hgc B300; Dgx Gb200, Hgx Gb300, Hgc B300
Vendor: CVE Published:; 17 September 2025

What is CVE-2025-23337?

A security flaw exists in the HGX Management Controller (HMC) of NVIDIA's HGX and DGX products, allowing an attacker with administrative access on the Baseboard Management Controller (BMC) to gain elevated privileges on the HMC. This vulnerability could lead to critical operational risks such as unauthorized code execution, denial of service, escalation of user privileges, and potential data tampering or inadvertent information disclosure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DGX GB200, HGX GB300, HGC B300 HMC GB200 1.2, GB300 0.8 dev drop, B300 0.6

HGX GB200, HGX GB300, HGC B300 HMC GB200 1.2, GB300 0.8 dev drop, B300 0.6

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5692

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 17, 2025
Vulnerability Reserved
Jan 14, 2025

JSON

Nvidia

What is CVE-2025-23337?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.