{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-33242", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2025-04-15T18:51:08.192Z", "datePublished": "2026-03-24T20:22:57.087Z", "dateUpdated": "2026-03-24T20:55:26.563Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-03-24T20:22:57.087Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1234", "description": "CWE-1234 Hardware Internal or Debug Modes Allow Override of Locks", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of Service, Data Tampering"}]}], "affected": [{"vendor": "NVIDIA", "product": "HGX and DGX B300", "platforms": ["CX8 MCU"], "versions": [{"status": "affected", "version": "All versions prior to and including 1.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering.", "supportingMedia": [{"type": "text/html", "base64": true, "value": "NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering."}]}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33242"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-33242"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5768"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "NVIDIA PSIRT"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-33242", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T20:51:29.084680Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T20:55:26.563Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-33242", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T20:51:29.084680Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T20:53:30.749Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of Service, Data Tampering"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "HGX and DGX B300", "versions": [{"status": "affected", "version": "All versions prior to and including 1.0"}], "platforms": ["CX8 MCU"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33242"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-33242"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5768"}], "x_generator": {"engine": "NVIDIA PSIRT"}, "descriptions": [{"lang": "en", "value": "NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering.", "base64": true}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1234", "description": "CWE-1234 Hardware Internal or Debug Modes Allow Override of Locks"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-03-24T20:22:57.087Z"}}}, "cveMetadata": {"cveId": "CVE-2025-33242", "state": "PUBLISHED", "dateUpdated": "2026-03-24T20:55:26.563Z", "dateReserved": "2025-04-15T18:51:08.192Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2026-03-24T20:22:57.087Z", "assignerShortName": "nvidia"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead to denial of service and data tampering."}], "id": "CVE-2025-33242", "lastModified": "2026-03-25T15:41:58.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.2, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2026-03-24T21:16:24.253", "references": [{"source": "psirt@nvidia.com", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33242"}, {"source": "psirt@nvidia.com", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5768"}, {"source": "psirt@nvidia.com", "url": "https://www.cve.org/CVERecord?id=CVE-2025-33242"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1234"}], "source": "psirt@nvidia.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["cx8_mcu"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.0]"}}], "original": {"product": "HGX and DGX B300", "source": "cna", "vendor": "NVIDIA"}, "product": "dgx_b300", "vendor": "nvidia"}, {"configurations": [{"platform": ["cx8_mcu"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "HGX and DGX B300", "source": "cna", "vendor": "NVIDIA"}, "product": "hgx_b300", "vendor": "nvidia"}], "analysis": {"en": {"generated_at": "2026-03-24T21:24:02.772889+00:00", "value": {"mitigation_remediation": ["Obtain and apply the latest firmware update for the NVIDIA B300 CX8 MCU from NVIDIA\u2019s support portal.", "Refrain from manually modifying unsupported registry entries on the CX8 MCU, following NVIDIA\u2019s official guidelines.", "Monitor system logs for unexpected registry changes and prepare to restore the MCU to a factory state if tampering is detected."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service and Data Integrity Compromise"}, "threat_synthesis": {"affected_systems": "The flaw affects NVIDIA HGX and DGX B300 platforms, specifically the CX8 MCU component. No specific firmware or hardware revisions are listed in the CVE data, so all B300 systems using the affected MCU are potentially vulnerable until a vendor patch is applied.", "description_and_impact": "NVIDIA\u2019s B300 MCU houses a CX8 microcontroller unit that can be exploited by a malicious actor to alter unsupported registry entries, producing a bad state. This manipulation can lead to both interruption of service and alteration of critical data stored within the MCU. The vulnerability is rooted in a flaw that allows unauthorized registry modification, a weakness that directly threatens system availability and integrity.", "risk_and_exploitability": "The reported CVSS score of 5.9 indicates a moderate severity, and the EPSS score is not available, so the exact likelihood of exploitation cannot be quantified from the CVE report. The vulnerability is not included in the CISA KEV catalog, suggesting no publicly known exploits yet. Based on the description, the attack likely requires privileged access to the MCU\u2014either through firmware update interfaces or a physically proximate attack vector. While remote exploitation is not explicitly stated, the ability to modify unsupported registries hints at a low\u2011to\u2011medium complexity attack that could be performed by an adversary with sufficient access to the device\u2019s firmware management pathway."}}}}, "created": "2026-03-25T11:46:05.794195+00:00", "title": "MCU Registry Modification Leading to Denial of Service and Data Tampering in NVIDIA B300", "updated": "2026-03-25T20:57:32.134941+00:00", "vendors": ["nvidia", "nvidia$PRODUCT$dgx_b300", "nvidia$PRODUCT$hgx_b300"]}