Skip to main content

Nvidia CVE-2025-33242

| EUVDEUVD-2025-208971 MEDIUM
Hardware Internal or Debug Modes Allow Override of Locks (CWE-1234)
2026-03-24 nvidia GHSA-wrfr-265x-gm85
5.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 24, 2026 - 20:31 euvd
EUVD-2025-208971
Analysis Generated
Mar 24, 2026 - 20:31 vuln.today
CVE Published
Mar 24, 2026 - 20:22 nvd
MEDIUM 5.9

DescriptionCVE.org

NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering.

AnalysisAI

This vulnerability in NVIDIA's B300 MCU (specifically the CX8 MCU component) allows privileged attackers with network access to modify unsupported hardware registries, potentially causing denial of service and data tampering. The flaw affects HGX and DGX B300 systems and requires high privileges and non-trivial attack complexity to exploit, though no public exploit code or active exploitation has been reported at this time. SSVC assessment indicates the vulnerability presents partial technical impact with no known automated exploitation capability.

Technical ContextAI

The vulnerability resides in the CX8 MCU (Microcontroller Unit) firmware component integrated into NVIDIA's B300 HGX and DGX accelerator platforms (identified via CPE cpe:2.3:a:nvidia:hgx_and_dgx_b300). The root cause is classified under CWE-1234, which generally relates to improper resource validation or access control mechanisms. The B300 MCU is responsible for managing hardware state, power delivery, and system monitoring; unauthorized registry modifications can corrupt internal state machines, trigger watchdog resets, or corrupt telemetry data. The attack surface is limited to network-accessible MCU management interfaces, typically protected by authentication and accessed through administrative channels.

RemediationAI

Apply the security update provided by NVIDIA for the B300 MCU firmware via the vendor advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5768. Until patching is possible, restrict network access to the MCU management interface to trusted administrative hosts only, implement network segmentation to isolate B300 systems from untrusted subnets, enforce strong authentication and role-based access control on MCU administrative accounts, and monitor MCU logs for unauthorized registry modification attempts. Coordinate patching with your NVIDIA support team to ensure compatibility with your HGX/DGX firmware versions and avoid service interruption.

More in Nvidia

View all
CVE-2016-1741 CRITICAL POC
9.8 Mar 24

The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary c

CVE-2013-0109 HIGH POC
7.2 Apr 08

The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not

CVE-2019-5684 CRITICAL POC
10.0 Aug 06

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft

CVE-2026-24207 CRITICAL POC
9.8 May 20

Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected funct

CVE-2019-5685 CRITICAL POC
9.8 Aug 06

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft

CVE-2025-23359 HIGH POC
8.3 Feb 12

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default co

CVE-2016-8812 HIGH POC
8.8 Nov 08

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before G

CVE-2016-1861 HIGH POC
7.8 Jun 19

The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privi

CVE-2024-0132 HIGH POC
8.3 Sep 26

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with de

CVE-2016-1846 HIGH POC
7.8 May 20

The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows a

CVE-2015-7865 HIGH POC
7.7 Nov 24

nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before

CVE-2016-8811 HIGH POC
7.8 Nov 08

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 3

Share

CVE-2025-33242 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy