What is CVE-2025-33195?

CVE-2025-33195 is a medium-severity vulnerability in Nvidia Dgx Spark, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 4.4/10. Published 2025-11-25.

How severe is CVE-2025-33195?

Medium severity. CVSS v3 base score is 4.4 out of 10.

Buffer overflow in Nvidia Dgx Spark

CVE-2025-33195

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations. A successful exploit of this vulnerability might lead to data tampering, denial of service, or escalation…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (8.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L.

Affected products

Nvidia Dgx Spark — versions All versions prior to OTA0

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently asked questions

What is CVE-2025-33195?: CVE-2025-33195 is a medium-severity vulnerability in Nvidia Dgx Spark, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 4.4/10. Published 2025-11-25.
How severe is CVE-2025-33195?: Medium severity. CVSS v3 base score is 4.4 out of 10.