CVE-2025-33195

CWE-119Buffer OverflowCWE-744 documents4 sources
Severity
7.8HIGH
EPSS
0.0%
top 89.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nvidia DGX Spark
Timeline
PublishedNov 25

Description

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations. A successful exploit of this vulnerability might lead to data tampering, denial of service, or escalation of privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LExploitability: 1.8 | Impact: 2.5

Affected Packages1 packages

CVEListV5nvidia/dgx_sparkAll versions prior to OTA0

🔴Vulnerability Details

2
CVEList
CVE-2025-33195: NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations2025-11-25
GHSA
GHSA-c92j-gx9r-6644: NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations2025-11-25

📋Vendor Advisories

1
Microsoft
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers and thus a return value may contain an unsafe injection (e.g. XSS) that does not 2021-08-10
CVE-2025-33195 (HIGH CVSS 7.8) | NVIDIA DGX Spark GB10 contains a vu | cvebase.io