CVE-2025-33192 β Unchecked Return Value to NULL Pointer Dereference in Nvidia DGX Spark
Severity
5.5MEDIUMNVD
CNA5.7
EPSS
0.0%
top 91.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 25
Description
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages1 packages
π΄Vulnerability Details
2CVEListβΆ
CVE-2025-33192: NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory readβ2025-11-25
GHSAβΆ
GHSA-hg6r-rcqm-2m8j: NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory readβ2025-11-25