CVE-2025-33197NVD

Vulnerability Summary

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. A successful exploit of this vulnerability might lead to denial of service.

Severity Level

MEDIUM(4.3)

Published Date

Nov 25, 2025

Last Modified

Nov 25, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-476: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeChanged

ConfidentialityNone

IntegrityNone

AvailabilityLow

External References

https://nvd.nist.gov/vuln/detail/CVE-2025-33197
https://nvidia.custhelp.com/app/answers/detail/a_id/5720
https://www.cve.org/CVERecord?id=CVE-2025-33197

Critical Alert 3 Active Exploits Detected Today

Critical Alert

CVE Watchtower

CVE-2025-33197NVD

Vulnerability Summary

External References