NVIDIA recently disclosed 14 security vulnerabilities in its DGX Spark AI workstation (specifically the GB10 model), which could allow local attackers to execute malicious code, cause denial-of-service (DoS) attacks, disclose sensitive information, tamper with data, and escalate privileges. These flaws were identified by NVIDIA’s own Offensive Security Research team and detailed in their November 21, 2025, security bulletin. The issues primarily affect the SROOT and OSROOT firmware components in NVIDIA DGX OS versions prior to OTA0.
Key Vulnerabilities and Impacts
All vulnerabilities require local access (physical or authenticated proximity to the system), making them less exploitable remotely but still critical for environments handling sensitive AI data or high-value compute resources. Here’s a breakdown of the most severe ones:
• CVE-2025-33187 (Critical, CVSS 9.3): Improper privilege management in SROOT allows access to protected SoC areas, enabling code execution, data exfiltration, tampering, DoS, and privilege escalation.
• CVE-2025-33188 (High, CVSS 8.0): Tampering with hardware controls, leading to information disclosure, data tampering, and DoS.
• CVE-2025-33189 (High, CVSS 7.8): Out-of-bounds write in SROOT firmware, potentially causing code execution, tampering, DoS, disclosure, and escalation.
Lower-severity issues (e.g., CVE-2025-33191 to CVE-2025-33200, CVSS 2.3–5.7) involve problems like invalid memory reads, NULL pointer dereferences, and resource reuse, which could still contribute to DoS or minor disclosures.
Full details on all 14 CVEs, including CWE classifications and CVSS vectors, are available in NVIDIA’s bulletin.
Affected Systems
• Product: NVIDIA DGX Spark GB10
• Versions: All NVIDIA DGX OS releases before OTA0
These systems are high-end AI workstations used for training large models, so exploitation could compromise proprietary datasets or disrupt AI workflows.
Mitigation and Recommendations
NVIDIA has released OTA0 (Over-The-Air update 0) for DGX OS, which patches all listed vulnerabilities. To protect your systems:
1. Download the update from the NVIDIA DGX Spark page.
2. Apply it immediately via the standard DGX OS update process.
3. Limit physical and local access to affected systems until patched.
4. Monitor for unusual activity and consider network segmentation for AI hardware.
If you’re running DGX Spark, prioritize this update—it’s a straightforward fix for a potentially high-impact issue. For more on similar NVIDIA flaws, check resources like the NVD for ongoing CVE tracking. If you have specifics about your setup, I can help refine this advice!