CVE-2025-33199

CWE-670 CWE-617 — Reachable Assertion4 documents4 sources

Severity

3.8LOW

EPSS

0.0%

top 95.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia DGX Spark

Timeline

PublishedNov 25

Description

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:NExploitability: 1.5 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5nvidia/dgx_sparkAll versions prior to OTA0

🔴Vulnerability Details

CVEList

CVE-2025-33199: NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior↗2025-11-25

▶

GHSA

GHSA-vw24-hhmf-xp64: NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior↗2025-11-25

▶

📋Vendor Advisories

Microsoft

malformed proposed intoto v0.0.2 entries can cause a panic in Rekor↗2023-05-09

▶