CVE-2025-33192

MEDIUM

Published Nov 25, 2025 Modified Dec 2, 2025 CWE-690

Description

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service.

CVSS v3.1 Score

5.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

Weakness Type (CWE)

CWE-690 CWE-690

Affected Products

Vendor	Product	Versions
nvidia	dgx_os	All
nvidia	dgx_spark	All

References

Advisories & Patches

https://nvidia.custhelp.com/app/answers/detail/a_id/5720

Other References

https://nvd.nist.gov/vuln/detail/CVE-2025-33192 https://www.cve.org/CVERecord?id=CVE-2025-33192

Frequently Asked Questions

What is CVE-2025-33192? +

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service. It has a CVSS v3.1 base score of 5.7 (MEDIUM).

How severe is CVE-2025-33192? +

CVE-2025-33192 has a CVSS v3.1 score of 5.7 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.

What products are affected by CVE-2025-33192? +

CVE-2025-33192 affects products from nvidia, specifically: dgx_os, dgx_spark. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-33192? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-23085 7.5

Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]). NOTE: this is disputed by multiple …

CVE-2026-24160 5.5

NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null …

CVE-2024-31175 5.3

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated …

CVE-2024-23915 5.3

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated …

CVE-2024-23916 5.3

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated …

CVE-2024-31164 5.3

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated …

Quick Facts

CVSS Score: 5.7
Severity: MEDIUM
Published: Nov 25, 2025

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2025-33192.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →

CVE-2025-33192

Description

CVSS v3.1 Score

Weakness Type (CWE)

Affected Products

References

Advisories & Patches

Other References

Frequently Asked Questions

Related Vulnerabilities

Don't wait for an exploit