Firmware Vulnerability in NVIDIA DGX Systems
CVE-2025-33199

3.2LOW

Key Information:

Vendor

Nvidia
Status
Dgx Spark
Vendor
CVE Published:
25 November 2025

What is CVE-2025-33199?

The NVIDIA DGX Spark GB10 possesses a vulnerability in its SROOT firmware, which may enable attackers to manipulate control flow behavior. A successful exploit could result in unauthorized data tampering, posing significant risks to data integrity. Organizations using this product are encouraged to implement mitigations to safeguard against potential attacks.

Affected Version(s)

DGX Spark NVIDIA DGX OS All versions prior to OTA0

References

https://nvd.nist.gov/vuln/detail/CVE-2025-33199
https://www.cve.org/CVERecord?id=CVE-2025-33199
https://nvidia.custhelp.com/app/answers/detail/a_id/5720

CVSS V3.1

Score:
3.2
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.