CVE-2025-33187
HIGH WAF: Low
CVSS 7.8
Published: 2025-11-25
CWE-269
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, denial of service, or escalation of privileges.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| nvidia | dgx_os | - |
References
- nvd.nist.gov (Third Party Advisory)
- nvidia.custhelp.com (Vendor Advisory)
- www.cve.org (Third Party Advisory)