CVE-2025-33194

CWE-180CWE-8354 documents4 sources
Severity
7.1HIGH
EPSS
0.0%
top 92.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nvidia DGX Spark
Timeline
PublishedNov 25

Description

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:LExploitability: 2.5 | Impact: 2.7

Affected Packages1 packages

CVEListV5nvidia/dgx_sparkAll versions prior to OTA0

🔴Vulnerability Details

2
GHSA
GHSA-8r66-vg6c-x88h: NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data2025-11-25
CVEList
CVE-2025-33194: NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data2025-11-25

📋Vendor Advisories

1
Microsoft
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.2021-05-11
CVE-2025-33194 (HIGH CVSS 7.1) | NVIDIA DGX Spark GB10 contains a vu | cvebase.io