CVE-2025-33191NVD

Vulnerability Summary

NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read. A successful exploit of this vulnerability might lead to denial of service.

Severity Level

MEDIUM(5.7)

Published Date

Nov 25, 2025

Last Modified

Nov 25, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-20: Improper Input Validation ↗

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required.

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeChanged

ConfidentialityLow

IntegrityNone

AvailabilityLow

External References

https://nvd.nist.gov/vuln/detail/CVE-2025-33191
https://nvidia.custhelp.com/app/answers/detail/a_id/5720
https://www.cve.org/CVERecord?id=CVE-2025-33191

Critical Alert 3 Active Exploits Detected Today

Critical Alert

CVE Watchtower

CVE-2025-33191NVD

Vulnerability Summary

External References