CVE-2025-23337

CVSS 6.7 MEDIUM | EPSS 0.1% | CWE-1244

In short

NVIDIA's HGX and DGX high-performance computing systems have a flaw in their management controller that lets someone with admin access to the system's low-level management interface (BMC) gain unauthorized admin control over the HGX Management Controller, potentially compromising the entire system.

Technical detail

A privilege escalation vulnerability exists in the HGX Management Controller (HMC) of NVIDIA HGX and DGX GB200/GB300/B300 platforms, allowing attackers with BMC administrative privileges to escalate to HMC administrator access. Successful exploitation can result in arbitrary code execution, DoS, privilege escalation, information disclosure, and data tampering on the affected hardware management layer.

Summary generated and translated by AI from the official description.
NVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
