CVE ID: CVE-2025-33189 Publisher: NVIDIA Corporation Publication Date: 2025-11-25 Update Date: 2025-11-25 Description: NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, information disclosure, or escalation of privileges. CWE: CWE-787: CWE-787 Out-of-bounds Write CVSS Score: 7.8 (HIGH) Severity: HIGH CVSS Version: 3.1 Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Product Status: - Vendor: NVIDIA - Product: DGX Spark - Platforms: NVIDIA DGX OS - Affected Versions: All versions prior to OTA0 References: - https://nvd.nist.gov/vuln/detail/CVE-2025-33189 - https://www.cve.org/CVERecord?id=CVE-2025-33189 - https://nvidia.custhelp.com/app/answers/detail/a_id/5720