CVE-2025-33189NVD

Vulnerability Summary

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, information disclosure, or escalation of privileges.

Severity Level

HIGH(7.8)

Published Date

Nov 25, 2025

Last Modified

Nov 25, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-787: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://nvd.nist.gov/vuln/detail/CVE-2025-33189
https://nvidia.custhelp.com/app/answers/detail/a_id/5720
https://www.cve.org/CVERecord?id=CVE-2025-33189

Critical Alert 3 Active Exploits Detected Today

Critical Alert

CVE Watchtower

CVE-2025-33189NVD

Vulnerability Summary

External References