CVE-2025-23337
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-09-18
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | dgx_management_controller | * |
| nvidia | baseboard_management_controller | * |
| nvidia | hgx_management_controller | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1244 | The product uses physical debug or test interfaces with support for multiple access levels, but it assigns the wrong debug access level to an internal asset, providing unintended access to the asset from untrusted debug agents. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the HGX Management Controller (HMC) of NVIDIA HGX & DGX GB200, GB300, B300 systems. It allows a malicious actor who already has administrative access on the Baseboard Management Controller (BMC) to gain administrative access to the HMC. Exploiting this vulnerability can lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to execute arbitrary code, cause denial of service, escalate their privileges, disclose sensitive information, and tamper with data on affected NVIDIA systems. This can compromise the integrity, availability, and confidentiality of the system and its data.