DGX Spark GB10 SROOT FLW: Improper Intgrity Validation -> Info Disclosure
CVE-2025-33193 Published on November 25, 2025

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper validation of integrity. A successful exploit of this vulnerability might lead to information disclosure.

NVD

Vulnerability Analysis

CVE-2025-33193 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity, and a small impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
LOW

Weakness Type

Improper Validation of Integrity Check Value

The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission. Improper validation of checksums before use results in an unnecessary risk that can easily be mitigated. The protocol specification describes the algorithm used for calculating the checksum. It is then a simple matter of implementing the calculation and verifying that the calculated checksum and the received checksum match. Improper verification of the calculated checksum and the received checksum can lead to far greater consequences.


Affected Versions

NVIDIA DGX Spark Version All versions prior to OTA0 is affected by CVE-2025-33193

Exploit Probability

EPSS
0.01%
Percentile
0.74%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.