← back
CVE-2025-23301

CVE-2025-23301

CVSS 4.2 MEDIUMEPSS 0.1%CWE-1244
In short

NVIDIA HGX and DGX systems have a vulnerability where incorrect firmware settings could allow an attacker to enable debug access that disrupts normal operations. This could cause the system to stop working.

Technical detail

A misconfigured VBIOS in NVIDIA HGX and DGX platforms permits an attacker to establish unsafe debug access levels, potentially triggering denial of service conditions. The vulnerability requires local or elevated access to modify firmware settings and impacts system availability.

Summary generated and translated by AI from the official description.
NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L
Affected products
NVIDIA · HGX, DGX BlackwellNVIDIA · HGX, DGX Hopper

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://nvd.nist.gov/vuln/detail/CVE-2025-23301https://nvidia.custhelp.com/app/answers/detail/a_id/5674https://www.cve.org/CVERecord?id=CVE-2025-23301