Firmware Vulnerability in NVIDIA DGX Spark GB10 Exposes Resource Reuse Risk
CVE-2025-33198

3.3LOW

Key Information:

Vendor: Nvidia
Status: Dgx Spark
Vendor: CVE Published:; 25 November 2025

What is CVE-2025-33198?

A vulnerability in the SROOT firmware of NVIDIA DGX Spark GB10 allows attackers to potentially exploit resource reuse. This could lead to unauthorized access to sensitive information. Proper mitigation strategies and updates are essential to safeguard systems against this threat.

Affected Version(s)

DGX Spark NVIDIA DGX OS All versions prior to OTA0

References

https://nvd.nist.gov/vuln/detail/CVE-2025-33198

https://www.cve.org/CVERecord?id=CVE-2025-33198

https://nvidia.custhelp.com/app/answers/detail/a_id/5720

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 25, 2025
Vulnerability Reserved
Apr 15, 2025

JSON

Nvidia

What is CVE-2025-33198?

Affected Version(s)

References

CVSS V3.1

Timeline