CVE-2025-23301
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-04

Last updated on: 2025-09-05

Assigner: NVIDIA Corporation

Description
NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-04
Last Modified
2025-09-05
Generated
2026-06-16
AI Q&A
2025-09-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-23301
EUVD
EUVD-2025-26738
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
nvidia ls10 1.7.1
nvidia dgx *
nvidia ls10 1.2.0
nvidia hopper_hgx *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1244 The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects NVIDIA HGX and DGX systems due to a misconfiguration in the VBIOS that allows an attacker to set an unsafe debug access level. This unsafe debug access level can be exploited to cause a denial of service (DoS) condition. The vulnerability is related to improper access control, specifically CWE-1244, which involves internal assets being exposed to unsafe debug states. [1]

Impact Analysis

If exploited, this vulnerability can lead to a denial of service (DoS) condition on affected NVIDIA HGX and DGX systems. The impact includes low integrity and availability impacts, meaning the system's normal operation could be disrupted, but there is no loss of confidentiality. [1]

Mitigation Strategies

To mitigate this vulnerability, you should download and install the latest updates for the affected LS10 component from the NVIDIA Developer Tools page. Specifically, update to version 1.8.0 for Hopper HGX and DGX systems, and version 1.2.1 for HGX and DGX Blackwell systems, as these versions resolve the issue. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-23301. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart