CVE-2025-33193 – NVIDIA DGX Spark GB10 systems contain a vulnera... (How to Fix)

Q: What is the severity of CVE-2025-33193?

CVE-2025-33193 has a CVSS score of 5.7 (MEDIUM). NVIDIA DGX Spark GB10 systems contain a vulnerability in SROOT firmware where improper integrity validation could allow attackers to access sensitive information. This affects organizations using NVIDIA DGX Spark GB10 systems with vulnerable firmware versions. The vulnerability requires local access to exploit.

📋 TL;DR

NVIDIA DGX Spark GB10 systems contain a vulnerability in SROOT firmware where improper integrity validation could allow attackers to access sensitive information. This affects organizations using NVIDIA DGX Spark GB10 systems with vulnerable firmware versions. The vulnerability requires local access to exploit.

💻 Affected Systems

Products:

NVIDIA DGX Spark GB10

Versions: SROOT firmware versions prior to the patched version

Operating Systems: DGX OS

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects NVIDIA DGX Spark GB10 systems with vulnerable SROOT firmware versions. Requires local access to the system.

📦 What is this software?

Dgx Os by Nvidia

View all CVEs affecting Dgx Os →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains unauthorized access to sensitive system information, potentially including cryptographic keys, configuration data, or other protected information stored in firmware.

🟠

Likely Case

Information disclosure of firmware-related data to authenticated local users who shouldn't have access to that information.

🟢

If Mitigated

Minimal impact with proper access controls and network segmentation limiting local access to trusted users only.

🌐 Internet-Facing: LOW - Requires local access to system, not remotely exploitable over network.

🏢 Internal Only: MEDIUM - Internal users with local access could exploit this vulnerability to access sensitive firmware information.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access to the system. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check NVIDIA advisory for specific patched firmware version

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5720

Restart Required: Yes

Instructions:

1. Review NVIDIA advisory for patched firmware version. 2. Download updated SROOT firmware from NVIDIA. 3. Apply firmware update following NVIDIA documentation. 4. Reboot system to activate new firmware.

🔧 Temporary Workarounds

Restrict Local Access

all

Limit physical and local console access to trusted administrators only

Implement Least Privilege

all

Ensure users only have necessary permissions and cannot access firmware management functions

🧯 If You Can't Patch

Implement strict access controls to limit who can physically access the system
Monitor system logs for unauthorized access attempts to firmware components

🔍 How to Verify

Check if Vulnerable:

Check current SROOT firmware version against NVIDIA advisory to determine if vulnerable version is installed

Check Version:

Check system documentation or NVIDIA management tools for SROOT firmware version

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in NVIDIA advisory

📡 Detection & Monitoring

Log Indicators:

Unauthorized firmware access attempts
Unexpected firmware read operations
System logs showing firmware integrity checks

Network Indicators:

Not applicable - local access required

SIEM Query:

Search for firmware access events from non-admin users or unexpected firmware read operations

📊 Metadata

CVE ID: CVE-2025-33193

CVSS v3 Score: 5.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

CWE: CWE-354

EPSS Score: 0.01% exploit probability (0.7th percentile)

Published: November 25, 2025

Last Updated: December 2, 2025

🔗 References

https://nvd.nist.gov/vuln/detail/CVE-2025-33193 Third Party Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5720 Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2025-33193 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-33193, you might also want to check these: