CVE-2025-23301
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-09-05
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | ls10 | 1.7.1 |
| nvidia | dgx | * |
| nvidia | ls10 | 1.2.0 |
| nvidia | hopper_hgx | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1244 | The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects NVIDIA HGX and DGX systems due to a misconfiguration in the VBIOS that allows an attacker to set an unsafe debug access level. This unsafe debug access level can be exploited to cause a denial of service (DoS) condition. The vulnerability is related to improper access control, specifically CWE-1244, which involves internal assets being exposed to unsafe debug states. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to a denial of service (DoS) condition on affected NVIDIA HGX and DGX systems. The impact includes low integrity and availability impacts, meaning the system's normal operation could be disrupted, but there is no loss of confidentiality. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should download and install the latest updates for the affected LS10 component from the NVIDIA Developer Tools page. Specifically, update to version 1.8.0 for Hopper HGX and DGX systems, and version 1.2.1 for HGX and DGX Blackwell systems, as these versions resolve the issue. [2]