CVE-2025-33196

4.4 MEDIUM

📋 TL;DR

This vulnerability in NVIDIA DGX Spark GB10's SROOT firmware allows resource reuse, potentially enabling information disclosure. Attackers could exploit this to access sensitive data from the system. Only users of NVIDIA DGX Spark GB10 systems are affected.

💻 Affected Systems

Products:
  • NVIDIA DGX Spark GB10
Versions: All versions prior to SROOT firmware update
Operating Systems: DGX OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with the vulnerable SROOT firmware component

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete information disclosure of sensitive system data, potentially including credentials, configuration details, or proprietary information stored in memory.

🟠 Likely Case

Partial information disclosure of system state or configuration data, potentially revealing system architecture or operational details.

🟢 If Mitigated

No impact if proper access controls and network segmentation prevent attackers from reaching vulnerable systems.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires access to the system and knowledge of the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SROOT firmware update as specified in NVIDIA advisory

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5720

Restart Required: Yes

Instructions:

1. Review NVIDIA advisory ESA-2025-001.
2. Download updated SROOT firmware from NVIDIA.
3. Apply firmware update following NVIDIA documentation.
4. Reboot system to activate new firmware.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate DGX Spark GB10 systems from untrusted networks and limit access to authorized administrators only

Access Control Hardening

all

Implement strict access controls and authentication requirements for accessing DGX management interfaces

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Enhance monitoring and logging for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check SROOT firmware version against NVIDIA advisory ESA-2025-001

Check Version:

Check system firmware version through DGX management interface or NVIDIA system tools

Verify Fix Applied:

Verify SROOT firmware has been updated to version specified in NVIDIA advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual firmware access patterns
  • Multiple failed access attempts to SROOT components
  • Unexpected system reboots or firmware changes

Network Indicators:

  • Unusual traffic to DGX management interfaces
  • Multiple connection attempts to firmware update ports

SIEM Query:

source="dgx_logs" AND (event_type="firmware_access" OR event_type="system_reboot") AND user!="authorized_admin"
