CVE-2025-33187Improper Privilege Management in Nvidia DGX Spark

CWE-269Improper Privilege Management3 documents3 sources
Severity
7.8HIGHNVD
CNA9.3
EPSS
0.0%
top 95.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nvidia DGX Spark
Timeline
PublishedNov 25

Description

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, denial of service, or escalation of privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5nvidia/dgx_sparkAll versions prior to OTA0

🔴Vulnerability Details

2
CVEList
CVE-2025-33187: NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas2025-11-25
GHSA
GHSA-3x2h-xf26-7556: NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas2025-11-25
CVE-2025-33187 — Improper Privilege Management | cvebase