NVIDIA DGX Spark GB10 Vulnerable! CVE-2025-33193 Allows Information Disclosure

Overview

CVE-2025-33193 describes a medium severity vulnerability affecting NVIDIA DGX Spark GB10 systems. The vulnerability resides in the SROOT firmware and stems from improper validation of integrity. A successful exploit could lead to information disclosure.

Technical Details

The flaw is insufficient integrity checking within the SROOT firmware of the NVIDIA DGX Spark GB10. An attacker with sufficient privileges or access to the system could potentially manipulate the SROOT firmware. Because integrity validation is inadequate, the modified firmware may be accepted and executed. This could lead to unauthorized access to, and exposure of, sensitive information stored or processed by the DGX Spark GB10.

CVSS Analysis

The Common Vulnerability Scoring System (CVSS) score for CVE-2025-33193 is 5.7, indicating a MEDIUM severity vulnerability. This score reflects the potential for information disclosure and the relative difficulty of exploitation.

Possible Impact

Successful exploitation of this vulnerability could result in:

  • Information Disclosure: An attacker could gain access to sensitive data stored or processed by the NVIDIA DGX Spark GB10. This data might include proprietary algorithms, confidential datasets, or other critical information.
  • System Compromise: While the CVSS score reflects information disclosure, successful exploitation could be a stepping stone to further compromise of the system depending on the nature of the disclosed information and the system’s configuration.

Mitigation and Patch Steps

NVIDIA has released a security update to address this vulnerability. Users of NVIDIA DGX Spark GB10 systems are strongly advised to take the following steps:

  1. Apply the Latest Firmware Update: Download and install the latest SROOT firmware update from the NVIDIA support website.
  2. Follow NVIDIA’s Security Advisories: Stay informed about security updates and advisories released by NVIDIA.
  3. Implement Strong Access Controls: Enforce strong access control policies to limit access to the DGX Spark GB10 system and its firmware.

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
