CVE-2025-33189

CWE-787Out-of-bounds Write3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 91.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nvidia DGX Spark
Timeline
PublishedNov 25

Description

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, information disclosure, or escalation of privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5nvidia/dgx_sparkAll versions prior to OTA0

🔴Vulnerability Details

2
CVEList
CVE-2025-33189: NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write2025-11-25
GHSA
GHSA-f83q-jrfh-gq6m: NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write2025-11-25
CVE-2025-33189 (HIGH CVSS 7.8) | NVIDIA DGX Spark GB10 contains a vu | cvebase.io