CVE-2025-33242 PUBLISHED

Assigner: nvidia
Reserved: 15.04.2025 Published: 24.03.2026 Updated: 24.03.2026

NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
CVSS Score: 5.9

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	High	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	NVIDIA
Product	HGX and DGX B300
Versions	Default: unaffected Version All versions prior to and including 1.0 is affected

References

https://nvd.nist.gov/vuln/detail/CVE-2025-33242
https://www.cve.org/CVERecord?id=CVE-2025-33242
https://nvidia.custhelp.com/app/answers/detail/a_id/5768

Problem Types

CWE-1234 Hardware Internal or Debug Modes Allow Override of Locks CWE

Impacts

Denial of Service, Data Tampering