NVIDIA disclosed 14 vulnerabilities in its DGX Spark GB10 AI workstation on November 25, 2025, affecting all DGX OS versions before OTA0.
These flaws, mainly in the SROOT firmware and hardware resources, enable local attackers with privileged access to bypass protections, leading to remote code execution, data tampering, information disclosure, denial-of-service, and privilege escalation.
The DGX Spark, a compact Grace Blackwell-powered system for AI model training and inference, faces significant risks in enterprise environments that handle sensitive machine learning data.
Critical issues like CVE-2025-33187 (CVSS 9.3, CWE-269) allow attackers to access SoC-protected areas via SROOT, potentially compromising the entire system through arbitrary code execution.
Similarly, CVE-2025-33188 (CVSS 8.0) permits tampering with hardware control, while out-of-bounds writes in CVE-2025-33189 (CVSS 7.8, CWE-787) and CVE-2025-33190 (CVSS 6.7) enable memory corruption for code execution or DoS.
Lower-severity flaws include invalid memory reads (CVE-2025-33191, CVSS 5.7, CWE-20), arbitrary memory reads (CVE-2025-33192, CWE-690), integrity check failures (CVE-2025-33193, CWE-354), and input mishandling (CVE-2025-33194, CWE-180), all of which risk DoS or leaks.
Additional risks from buffer issues (CVE-2025-33195, CWE-119), resource reuse (CVE-2025-33196/33198/33200, CWE-226), NULL pointer derefs (CVE-2025-33197, CWE-476), and control flow errors (CVE-2025-33199, CWE-670) further expose systems.
| CVE ID | Vector | Base Score | Severity | CWE | Key Impacts |
|---|---|---|---|---|---|
| CVE-2025-33187 | AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 9.3 | Critical | 269 | Code exec, info disclosure, tampering |
| CVE-2025-33188 | AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H | 8.0 | High | 269 | Disclosure, tampering, DoS |
| CVE-2025-33189 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 7.8 | High | 787 | Code exec, tampering, DoS |
| CVE-2025-33190 | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 6.7 | Medium | 787 | Code exec, tampering, DoS |
| CVE-2025-33191 | AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L | 5.7 | Medium | 20 | DoS |
| CVE-2025-33192 | AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L | 5.7 | Medium | 690 | Code exec, DoS, disclosure |
| CVE-2025-33193 | AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L | 5.7 | Medium | 354 | Code exec, DoS, disclosure |
| CVE-2025-33194 | AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L | 5.7 | Medium | 180 | Disclosure, DoS |
| CVE-2025-33195 | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L | 4.4 | Medium | 119 | Tampering, DoS, escalation |
| CVE-2025-33196 | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 4.4 | Medium | 226 | Disclosure |
| CVE-2025-33197 | AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L | 4.3 | Medium | 476 | Code exec, DoS |
| CVE-2025-33198 | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 3.3 | Low | 226 | Disclosure |
| CVE-2025-33199 | AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N | 3.2 | Low | 670 | Tampering |
| CVE-2025-33200 | AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N | 2.3 | Low | 226 | Disclosure |
NVIDIA urges immediate upgrade to DGX OS OTA0, available from the DGX Spark product page and NVIDIA Product Security site.
The flaws were found by NVIDIA’s Offensive Security Research team, with no known exploits in the wild.
Organizations using DGX Spark for AI workloads should prioritize patching to safeguard high-value models and data from local threats.
PortSwigger has leveled up Burp Suite's scanning arsenal with the latest Active Scan++ extension, version…
Unit 42 researchers at Palo Alto Networks exposed serious flaws in the Model Context Protocol…
Polish police have arrested three Ukrainian men traveling through Europe and seized a cache of…
Google has launched its most significant Chrome update ever, embedding Gemini AI across the browser…
Attackers exploit this vulnerability through the router's web interface components, specifically "cgibin" and "hnap_main," by…
Security researchers have uncovered a severe flaw in Apache Tika, a popular open-source toolkit for…