CVE-2025-33188 HIGH

CVE-2025-33188

Vendor Nvidia

Product DGX Spark

Weakness CWE-269

Published November 25, 2025

Last update November 25, 2025

View on NVD All CVEs

CVSS base score

8.0/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

What the vulnerability does

01Description

NVIDIA DGX Spark GB10 contains a vulnerability in hardware resources where an attacker could tamper with hardware controls. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service.

Key dates

02Disclosure timeline

November 25, 2025 CVE published

November 25, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-33188 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

04Related CVE

CVE-2024-21622 Craft CMS Privilege Escalation CVE-2024-33550 WordPress WP Masquerade plugin <= 1.1.0 - Authenticated Account Takeover vulnerability CVE-2021-3978 Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki CVE-2026-40172 authentik: Privilege Escalation via User PATCH: Superuser Group Assignment Bypasses enable_group_superuser CVE-2012-10022 Kloxo <= 6.1.12 Local Privilege Escalation