CVE-2025-33205 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.3 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvidia	CNA	7.3 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Vendor	Product	Version
nvidia	nemo	𝑥 < 2.5.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

Vulnerability Media Exposure

[GERMAN] Attacken auf Nvidia-KI-Hard- und Software DGX Spark und NeMo möglich
Angreifer können unter anderem an einer kritischen Sicherheitslücke in Nvidias KI-Computer DGX Spark ansetzen.
Published: 2025-11-26T10:24:00+00:00

References

https://nvd.nist.gov/vuln/detail/CVE-2025-33205

https://nvidia.custhelp.com/app/answers/detail/a_id/5729

https://www.cve.org/CVERecord?id=CVE-2025-33205