CVE-2025-33187 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.3 CRITICAL	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvidia	CNA	9.3 CRITICAL	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Vendor	Product	Version
nvidia	dgx_os	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-269 - Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Vulnerability Media Exposure

[GERMAN] Attacken auf Nvidia-KI-Hard- und Software DGX Spark und NeMo möglich
Angreifer können unter anderem an einer kritischen Sicherheitslücke in Nvidias KI-Computer DGX Spark ansetzen.
Published: 2025-11-26T10:24:00+00:00
[ENGLISH] ⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Hackers aren’t kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and “trusted” partners — and turn them against us. One bad download can leak your keys. One weak vendor can expose many customers at once. One guest invite, one link on a phone, one bug in a common tool, and suddenly your mail, chats, repos, and
Published: 2025-12-01T18:17:00+05:30

References

https://nvd.nist.gov/vuln/detail/CVE-2025-33187

https://nvidia.custhelp.com/app/answers/detail/a_id/5720

https://www.cve.org/CVERecord?id=CVE-2025-33187