CVE-2025-23337

Summary

NVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Affected Software

VendorProductVersion RangeStatus
NVIDIAHGX GB200, HGX GB300, HGC B300GB200 1.2, GB300 0.8 dev drop, B300 0.6affected
NVIDIADGX GB200, HGX GB300, HGC B300GB200 1.2, GB300 0.8 dev drop, B300 0.6affected

Weaknesses

  • CWE-1244: CWE-1244

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References