What is the CVSS score of CVE-2025-33242?

CVE-2025-33242 has a CVSS 3.1 base score of 5.9 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Nvidia are affected by CVE-2025-33242?

Organizations using NVIDIA B300 MCU should be aware of moderate risk from CVE-2025-33242 rated CVSS 5.9. Exploitation could compromise the security of affected deployments.

How to fix or mitigate CVE-2025-33242?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Nvidia CVE-2025-33242

EUVD-2025-208971 MEDIUM

Hardware Internal or Debug Modes Allow Override of Locks (CWE-1234)

2026-03-24 nvidia

GHSA-wrfr-265x-gm85

Denial Of Service Nvidia

5.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 24, 2026 - 20:31 euvd

EUVD-2025-208971

Analysis Generated

Mar 24, 2026 - 20:31 vuln.today

CVE Published

Mar 24, 2026 - 20:22 nvd

MEDIUM 5.9

DescriptionNVD

NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering.

AnalysisAI

This vulnerability in NVIDIA's B300 MCU (specifically the CX8 MCU component) allows privileged attackers with network access to modify unsupported hardware registries, potentially causing denial of service and data tampering. The flaw affects HGX and DGX B300 systems and requires high privileges and non-trivial attack complexity to exploit, though no public exploit code or active exploitation has been reported at this time. SSVC assessment indicates the vulnerability presents partial technical impact with no known automated exploitation capability.

Technical ContextAI

The vulnerability resides in the CX8 MCU (Microcontroller Unit) firmware component integrated into NVIDIA's B300 HGX and DGX accelerator platforms (identified via CPE cpe:2.3:a:nvidia:hgx_and_dgx_b300). The root cause is classified under CWE-1234, which generally relates to improper resource validation or access control mechanisms. The B300 MCU is responsible for managing hardware state, power delivery, and system monitoring; unauthorized registry modifications can corrupt internal state machines, trigger watchdog resets, or corrupt telemetry data. The attack surface is limited to network-accessible MCU management interfaces, typically protected by authentication and accessed through administrative channels.

RemediationAI

Apply the security update provided by NVIDIA for the B300 MCU firmware via the vendor advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5768. Until patching is possible, restrict network access to the MCU management interface to trusted administrative hosts only, implement network segmentation to isolate B300 systems from untrusted subnets, enforce strong authentication and role-based access control on MCU administrative accounts, and monitor MCU logs for unauthorized registry modification attempts. Coordinate patching with your NVIDIA support team to ensure compatibility with your HGX/DGX firmware versions and avoid service interruption.