CVE-2025-33194
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-25
Last updated on: 2025-12-02
Assigner: NVIDIA Corporation
Description
Description
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | dgx_os | * |
| nvidia | dgx_spark | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-180 | The product validates input before it is canonicalized, which prevents the product from detecting data that becomes invalid after the canonicalization step. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the SROOT firmware of NVIDIA DGX Spark GB10. It allows an attacker to cause improper processing of input data, which could be exploited to disclose information or cause a denial of service.
How can this vulnerability impact me? :
If exploited, this vulnerability could lead to information disclosure or denial of service, potentially affecting the availability and confidentiality of the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70