CVE-2025-23337 MEDIUM

CVE-2025-23337

Vendor Nvidia
Product HGX GB200, HGX GB300, HGC B300
Weakness CWE-1244
Published September 17, 2025
Last update February 26, 2026

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

NVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Key dates

02Disclosure timeline

September 17, 2025 CVE published
February 26, 2026 Record updated