Vulnerability-Lookup

CVE-2025-33194 (GCVE-0-2025-33194)

Vulnerability from cvelistv5 – Published: 2025-11-25 17:59 – Updated: 2025-11-25 19:38

Summary

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service.

Severity

5.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize

Assigner

nvidia

References

3 references

URL	Tags
https://nvd.nist.gov/vuln/detail/CVE-2025-33194
https://www.cve.org/CVERecord?id=CVE-2025-33194
https://nvidia.custhelp.com/app/answers/detail/a_…

Impacted products

1 product

Vendor	Product	Version
NVIDIA	DGX Spark	Affected: All versions prior to OTA0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-33194",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-25T19:38:45.751294Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-25T19:38:56.479Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "NVIDIA DGX OS"
          ],
          "product": "DGX Spark",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to OTA0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service."
            }
          ],
          "value": "NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of Service, Information Disclosure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-180",
              "description": "CWE-180 Incorrect Behavior Order: Validate Before Canonicalize",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-25T17:59:27.294Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33194"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33194"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5720"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2025-33194",
    "datePublished": "2025-11-25T17:59:27.294Z",
    "dateReserved": "2025-04-15T18:51:03.729Z",
    "dateUpdated": "2025-11-25T19:38:56.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-33194",
      "date": "2026-06-27",
      "epss": "0.0013",
      "percentile": "0.02944"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-33194\",\"sourceIdentifier\":\"psirt@nvidia.com\",\"published\":\"2025-11-25T18:15:51.113\",\"lastModified\":\"2026-06-17T09:13:13.070\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service.\"},{\"lang\":\"es\",\"value\":\"NVIDIA DGX Spark GB10 contiene una vulnerabilidad en el firmware SROOT, donde un atacante podr\u00eda causar un procesamiento incorrecto de los datos de entrada. Un exploit exitoso de esta vulnerabilidad podr\u00eda llevar a la revelaci\u00f3n de informaci\u00f3n o a la denegaci\u00f3n de servicio.\"}],\"affected\":[{\"source\":\"psirt@nvidia.com\",\"affectedData\":[{\"vendor\":\"NVIDIA\",\"product\":\"DGX Spark\",\"defaultStatus\":\"unaffected\",\"platforms\":[\"NVIDIA DGX OS\"],\"versions\":[{\"version\":\"All versions prior to OTA0\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.5,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-11-25T19:38:45.751294Z\",\"id\":\"CVE-2025-33194\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-180\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:nvidia:dgx_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40EF912C-72C4-4758-9157-169CE92B33C5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:dgx_spark:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76975E53-4E5C-4C6D-85D9-EE2879F960DF\"}]}]}],\"references\":[{\"url\":\"https://nvd.nist.gov/vuln/detail/CVE-2025-33194\",\"source\":\"psirt@nvidia.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://nvidia.custhelp.com/app/answers/detail/a_id/5720\",\"source\":\"psirt@nvidia.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cve.org/CVERecord?id=CVE-2025-33194\",\"source\":\"psirt@nvidia.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-33194\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-25T19:38:45.751294Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-25T19:38:52.106Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Denial of Service, Information Disclosure\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"NVIDIA\", \"product\": \"DGX Spark\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions prior to OTA0\"}], \"platforms\": [\"NVIDIA DGX OS\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2025-33194\"}, {\"url\": \"https://www.cve.org/CVERecord?id=CVE-2025-33194\"}, {\"url\": \"https://nvidia.custhelp.com/app/answers/detail/a_id/5720\"}], \"x_generator\": {\"engine\": \"NVIDIA PSIRT\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service.\", \"base64\": true}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-180\", \"description\": \"CWE-180 Incorrect Behavior Order: Validate Before Canonicalize\"}]}], \"providerMetadata\": {\"orgId\": \"9576f279-3576-44b5-a4af-b9a8644b2de6\", \"shortName\": \"nvidia\", \"dateUpdated\": \"2025-11-25T17:59:27.294Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-33194\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-25T19:38:56.479Z\", \"dateReserved\": \"2025-04-15T18:51:03.729Z\", \"assignerOrgId\": \"9576f279-3576-44b5-a4af-b9a8644b2de6\", \"datePublished\": \"2025-11-25T17:59:27.294Z\", \"assignerShortName\": \"nvidia\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

BDU:2025-14847

Vulnerability from fstec - Published: 25.11.2025

Title

Уязвимость компонента SROOT операционной системы NVIDIA DGX OS рабочих станций для искусственного интеллекта DGX Spark, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Description

Уязвимость компонента SROOT операционной системы NVIDIA DGX OS рабочих станций для искусственного интеллекта DGX Spark связана с неправильным порядком поведения. Эксплуатация уязвимости может позволить нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании

Severity


                    
                      AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

Vendor

NVIDIA Corp.

Software Name

NVIDIA DGX OS

Software Version

до OTA0 (NVIDIA DGX OS)

Possible Mitigations

Использование рекомендаций: https://nvidia.custhelp.com/app/answers/detail/a_id/5720

Reference

https://nvidia.custhelp.com/app/answers/detail/a_id/5720 https://1275.ru/vulnerability/kriticheskie-uyazvimosti-v-nvidia-dgx-spark-ugrozy-vypolneniya-koda-i-dos-atak_16689

CWE

CWE-180

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
  "CVSS 3.0": "AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "NVIDIA Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e OTA0 (NVIDIA DGX OS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/5720",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "25.11.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.12.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "01.12.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-14847",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-33194",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "NVIDIA DGX OS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "NVIDIA Corp. NVIDIA DGX OS \u0434\u043e OTA0 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 SROOT \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b NVIDIA DGX OS \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u0441\u0442\u0430\u043d\u0446\u0438\u0439 \u0434\u043b\u044f \u0438\u0441\u043a\u0443\u0441\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u043b\u043b\u0435\u043a\u0442\u0430 DGX Spark, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043f\u043e\u0440\u044f\u0434\u043e\u043a \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f: \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u044f \u0434\u043e \u043a\u0430\u043d\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0438 (CWE-180)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 SROOT \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b NVIDIA DGX OS \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u0441\u0442\u0430\u043d\u0446\u0438\u0439 \u0434\u043b\u044f \u0438\u0441\u043a\u0443\u0441\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u043b\u043b\u0435\u043a\u0442\u0430 DGX Spark \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043f\u043e\u0440\u044f\u0434\u043a\u043e\u043c \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u0414\u0430\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u0441\u0442\u0430\u043d\u0446\u0438\u0439 \u0434\u043b\u044f \u0438\u0441\u043a\u0443\u0441\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u043b\u043b\u0435\u043a\u0442\u0430 DGX Spark \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430 NVIDIA GB10 Grace Blackwell Superchip.",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvidia.custhelp.com/app/answers/detail/a_id/5720\nhttps://1275.ru/vulnerability/kriticheskie-uyazvimosti-v-nvidia-dgx-spark-ugrozy-vypolneniya-koda-i-dos-atak_16689",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-180",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,7)"
}

FKIE_CVE-2025-33194

Vulnerability from fkie_nvd - Published: 2025-11-25 18:15 - Updated: 2026-06-17 09:13

Severity

5.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Summary

References

URL	Tags
psirt@nvidia.com	https://nvd.nist.gov/vuln/detail/CVE-2025-33194	Third Party Advisory
psirt@nvidia.com	https://nvidia.custhelp.com/app/answers/detail/a_id/5720	Vendor Advisory
psirt@nvidia.com	https://www.cve.org/CVERecord?id=CVE-2025-33194	Third Party Advisory

Impacted products

	Vendor	Product	Version
	nvidia	dgx_os	-
	nvidia	dgx_spark	-

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "NVIDIA DGX OS"
          ],
          "product": "DGX Spark",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to OTA0"
            }
          ]
        }
      ],
      "source": "psirt@nvidia.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nvidia:dgx_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "40EF912C-72C4-4758-9157-169CE92B33C5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:nvidia:dgx_spark:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76975E53-4E5C-4C6D-85D9-EE2879F960DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service."
    },
    {
      "lang": "es",
      "value": "NVIDIA DGX Spark GB10 contiene una vulnerabilidad en el firmware SROOT, donde un atacante podr\u00eda causar un procesamiento incorrecto de los datos de entrada. Un exploit exitoso de esta vulnerabilidad podr\u00eda llevar a la revelaci\u00f3n de informaci\u00f3n o a la denegaci\u00f3n de servicio."
    }
  ],
  "id": "CVE-2025-33194",
  "lastModified": "2026-06-17T09:13:13.070",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 2.7,
        "source": "psirt@nvidia.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2025-33194",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2025-11-25T19:38:45.751294Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2025-11-25T18:15:51.113",
  "references": [
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33194"
    },
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5720"
    },
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33194"
    }
  ],
  "sourceIdentifier": "psirt@nvidia.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-180"
        }
      ],
      "source": "psirt@nvidia.com",
      "type": "Secondary"
    }
  ]
}

GHSA-8R66-VG6C-X88H

Vulnerability from github – Published: 2025-11-25 18:32 – Updated: 2025-11-25 18:32

Details

Severity

5.7 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-33194"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-180"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-25T18:15:51Z",
    "severity": "MODERATE"
  },
  "details": "NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service.",
  "id": "GHSA-8r66-vg6c-x88h",
  "modified": "2025-11-25T18:32:22Z",
  "published": "2025-11-25T18:32:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33194"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5720"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33194"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

WID-SEC-W-2025-2674

Vulnerability from csaf_certbund - Published: 2025-11-25 23:00 - Updated: 2025-11-25 23:00

Summary

Lenovo PGX Workstation (ThinkStation): Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Lenovo ist ein Hersteller u. a. von Computern.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Lenovo PGX Workstation (ThinkStation) ausnutzen, um beliebigen Programmcode auszuführen, um Informationen offenzulegen, um Daten zu manipulieren, um einen Denial of Service Angriff durchzuführen, und um seine Privilegien zu erhöhen.

Betroffene Betriebssysteme: - Windows

CVE-2025-33187

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33188

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33189

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33190

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33191

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33192

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33193

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33194

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33195

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33196

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33197

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33198

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33199

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33200

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://support.lenovo.com/us/en/product_security…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Lenovo ist ein Hersteller u. a. von Computern.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Lenovo PGX Workstation (ThinkStation) ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um Informationen offenzulegen, um Daten zu manipulieren, um einen Denial of Service Angriff durchzuf\u00fchren, und um seine Privilegien zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2674 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2674.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2674 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2674"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory vom 2025-11-25",
        "url": "https://support.lenovo.com/us/en/product_security/LEN-208434"
      }
    ],
    "source_lang": "en-US",
    "title": "Lenovo PGX Workstation (ThinkStation): Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-25T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-26T11:09:42.472+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2674",
      "initial_release_date": "2025-11-25T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-11-25T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Flash BIOS Update-ThinkStation PGX \u003cS0QKT0AA",
                "product": {
                  "name": "Lenovo Computer Flash BIOS Update-ThinkStation PGX \u003cS0QKT0AA",
                  "product_id": "T048898"
                }
              },
              {
                "category": "product_version",
                "name": "Flash BIOS Update-ThinkStation PGX S0QKT0AA",
                "product": {
                  "name": "Lenovo Computer Flash BIOS Update-ThinkStation PGX S0QKT0AA",
                  "product_id": "T048898-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:lenovo:computer:flash_bios_update_-_thinkstation_pgx__s0qkt0aa"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Computer"
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-33187",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33187"
    },
    {
      "cve": "CVE-2025-33188",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33188"
    },
    {
      "cve": "CVE-2025-33189",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33189"
    },
    {
      "cve": "CVE-2025-33190",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33190"
    },
    {
      "cve": "CVE-2025-33191",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33191"
    },
    {
      "cve": "CVE-2025-33192",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33192"
    },
    {
      "cve": "CVE-2025-33193",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33193"
    },
    {
      "cve": "CVE-2025-33194",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33194"
    },
    {
      "cve": "CVE-2025-33195",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33195"
    },
    {
      "cve": "CVE-2025-33196",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33196"
    },
    {
      "cve": "CVE-2025-33197",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33197"
    },
    {
      "cve": "CVE-2025-33198",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33198"
    },
    {
      "cve": "CVE-2025-33199",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33199"
    },
    {
      "cve": "CVE-2025-33200",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33200"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-33194 (GCVE-0-2025-33194)

BDU:2025-14847

FKIE_CVE-2025-33194

GHSA-8R66-VG6C-X88H

WID-SEC-W-2025-2674

Tags

Sightings

Nomenclature