CVE-2025-33191

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 86.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia DGX Spark

Timeline

PublishedNov 25

Description

NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read. A successful exploit of this vulnerability might lead to denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:LExploitability: 2.5 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5nvidia/dgx_sparkAll versions prior to OTA0

🔴Vulnerability Details

GHSA

GHSA-2mg8-v7rr-mpqj: NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read↗2025-11-25

▶

CVEList

CVE-2025-33191: NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read↗2025-11-25

▶