NVIDIA disclosed 14 vulnerabilities in its DGX Spark GB10 AI workstation on November 25, 2025, affecting all DGX OS versions before OTA0.
These flaws, mainly in the SROOT firmware and hardware resources, enable local attackers with privileged access to bypass protections, leading to remote code execution, data tampering, information disclosure, denial-of-service, and privilege escalation.
The DGX Spark, a compact Grace Blackwell-powered system for AI model training and inference, faces significant risks in enterprise environments that handle sensitive machine learning data.
Critical issues like CVE-2025-33187 (CVSS 9.3, CWE-269) allow attackers to access SoC-protected areas via SROOT, potentially compromising the entire system through arbitrary code execution.
Similarly, CVE-2025-33188 (CVSS 8.0) permits tampering with hardware control, while out-of-bounds writes in CVE-2025-33189 (CVSS 7.8, CWE-787) and CVE-2025-33190 (CVSS 6.7) enable memory corruption for code execution or DoS.
Vulnerability Summary
Lower-severity flaws include invalid memory reads (CVE-2025-33191, CVSS 5.7, CWE-20), arbitrary memory reads (CVE-2025-33192, CWE-690), integrity check failures (CVE-2025-33193, CWE-354), and input mishandling (CVE-2025-33194, CWE-180), all of which risk DoS or leaks.
Additional risks from buffer issues (CVE-2025-33195, CWE-119), resource reuse (CVE-2025-33196/33198/33200, CWE-226), NULL pointer derefs (CVE-2025-33197, CWE-476), and control flow errors (CVE-2025-33199, CWE-670) further expose systems.
| CVE ID | Vector | Base Score | Severity | CWE | Key Impacts |
|---|---|---|---|---|---|
| CVE-2025-33187 | AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 9.3 | Critical | 269 | Code exec, info disclosure, tampering |
| CVE-2025-33188 | AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H | 8.0 | High | 269 | Disclosure, tampering, DoS |
| CVE-2025-33189 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | High | 787 | Code exec, tampering, DoS |
| CVE-2025-33190 | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | Medium | 787 | Code exec, tampering, DoS |
| CVE-2025-33191 | AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L | 5.7 | Medium | 20 | DoS |
| CVE-2025-33192 | AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L | 5.7 | Medium | 690 | Code exec, DoS, disclosure |
| CVE-2025-33193 | AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L | 5.7 | Medium | 354 | Code exec, DoS, disclosure |
| CVE-2025-33194 | AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L | 5.7 | Medium | 180 | Disclosure, DoS |
| CVE-2025-33195 | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L | 4.4 | Medium | 119 | Tampering, DoS, escalation |
| CVE-2025-33196 | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | Medium | 226 | Disclosure |
| CVE-2025-33197 | AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L | 4.3 | Medium | 476 | Code exec, DoS |
| CVE-2025-33198 | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | Low | 226 | Disclosure |
| CVE-2025-33199 | AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N | 3.2 | Low | 670 | Tampering |
| CVE-2025-33200 | AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N | 2.3 | Low | 226 | Disclosure |
Mitigation Steps
NVIDIA urges immediate upgrade to DGX OS OTA0, available from the DGX Spark product page and NVIDIA Product Security site.
The flaws were found by NVIDIA’s Offensive Security Research team, with no known exploits in the wild.
Organizations using DGX Spark for AI workloads should prioritize patching to safeguard high-value models and data from local threats.
