9.3

CVE-2025-33187

Medienbericht
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, denial of service, or escalation of privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NvidiaDgx Os Version-
   NvidiaDgx Spark Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.047
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@nvidia.com 9.3 2.5 6
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
26.11.2025 11:42
https://nvd.nist.gov/vuln/detail/CVE-2025-33187
Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2025-33187
Third Party Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5720
Vendor Advisory