Vulnerability-Lookup

CVE-2025-33199 (GCVE-0-2025-33199)

Vulnerability from cvelistv5 – Published: 2025-11-25 18:00 – Updated: 2025-11-25 21:23

Summary

NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering.

Severity

3.2 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-670 - Always-Incorrect Control Flow Implementation

Assigner

nvidia

References

3 references

URL	Tags
https://nvd.nist.gov/vuln/detail/CVE-2025-33199
https://www.cve.org/CVERecord?id=CVE-2025-33199
https://nvidia.custhelp.com/app/answers/detail/a_…

Impacted products

1 product

Vendor	Product	Version
NVIDIA	DGX Spark	Affected: All versions prior to OTA0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-33199",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-25T21:22:54.248408Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-25T21:23:03.253Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "NVIDIA DGX OS"
          ],
          "product": "DGX Spark",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to OTA0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering."
            }
          ],
          "value": "NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Data Tampering"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-670",
              "description": "CWE-670 Always-Incorrect Control Flow Implementation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-25T18:00:38.785Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33199"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-33199"
        },
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5720"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "NVIDIA PSIRT"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2025-33199",
    "datePublished": "2025-11-25T18:00:38.785Z",
    "dateReserved": "2025-04-15T18:51:05.242Z",
    "dateUpdated": "2025-11-25T21:23:03.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-33199",
      "date": "2026-06-27",
      "epss": "0.0012",
      "percentile": "0.02169"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-33199\",\"sourceIdentifier\":\"psirt@nvidia.com\",\"published\":\"2025-11-25T18:15:51.890\",\"lastModified\":\"2026-06-17T09:13:13.610\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering.\"},{\"lang\":\"es\",\"value\":\"NVIDIA DGX Spark GB10 contiene una vulnerabilidad en el firmware SROOT, donde un atacante podr\u00eda causar un comportamiento incorrecto del flujo de control. Un exploit exitoso de esta vulnerabilidad podr\u00eda conducir a la manipulaci\u00f3n de datos.\"}],\"affected\":[{\"source\":\"psirt@nvidia.com\",\"affectedData\":[{\"vendor\":\"NVIDIA\",\"product\":\"DGX Spark\",\"defaultStatus\":\"unaffected\",\"platforms\":[\"NVIDIA DGX OS\"],\"versions\":[{\"version\":\"All versions prior to OTA0\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N\",\"baseScore\":3.2,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.5,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N\",\"baseScore\":3.8,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.0,\"impactScore\":1.4}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-11-25T21:22:54.248408Z\",\"id\":\"CVE-2025-33199\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"psirt@nvidia.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-670\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:nvidia:dgx_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40EF912C-72C4-4758-9157-169CE92B33C5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:nvidia:dgx_spark:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76975E53-4E5C-4C6D-85D9-EE2879F960DF\"}]}]}],\"references\":[{\"url\":\"https://nvd.nist.gov/vuln/detail/CVE-2025-33199\",\"source\":\"psirt@nvidia.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://nvidia.custhelp.com/app/answers/detail/a_id/5720\",\"source\":\"psirt@nvidia.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cve.org/CVERecord?id=CVE-2025-33199\",\"source\":\"psirt@nvidia.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-33199\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-25T21:22:54.248408Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-25T21:22:59.070Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Data Tampering\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 3.2, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"NVIDIA\", \"product\": \"DGX Spark\", \"versions\": [{\"status\": \"affected\", \"version\": \"All versions prior to OTA0\"}], \"platforms\": [\"NVIDIA DGX OS\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://nvd.nist.gov/vuln/detail/CVE-2025-33199\"}, {\"url\": \"https://www.cve.org/CVERecord?id=CVE-2025-33199\"}, {\"url\": \"https://nvidia.custhelp.com/app/answers/detail/a_id/5720\"}], \"x_generator\": {\"engine\": \"NVIDIA PSIRT\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering.\", \"base64\": true}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-670\", \"description\": \"CWE-670 Always-Incorrect Control Flow Implementation\"}]}], \"providerMetadata\": {\"orgId\": \"9576f279-3576-44b5-a4af-b9a8644b2de6\", \"shortName\": \"nvidia\", \"dateUpdated\": \"2025-11-25T18:00:38.785Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-33199\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-25T21:23:03.253Z\", \"dateReserved\": \"2025-04-15T18:51:05.242Z\", \"assignerOrgId\": \"9576f279-3576-44b5-a4af-b9a8644b2de6\", \"datePublished\": \"2025-11-25T18:00:38.785Z\", \"assignerShortName\": \"nvidia\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

BDU:2025-14850

Vulnerability from fstec - Published: 25.11.2025

Title

Уязвимость компонента SROOT операционной системы NVIDIA DGX OS рабочих станций для искусственного интеллекта DGX Spark, позволяющая нарушителю осуществить подмену данных

Description

Уязвимость компонента SROOT операционной системы NVIDIA DGX OS рабочих станций для искусственного интеллекта DGX Spark связана с реализацией некорректного потока управления. Эксплуатация уязвимости может позволить нарушителю осуществить подмену данных

Severity


                    
                      AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N

Vendor

NVIDIA Corp.

Software Name

NVIDIA DGX OS

Software Version

до OTA0 (NVIDIA DGX OS)

Possible Mitigations

Использование рекомендаций: https://nvidia.custhelp.com/app/answers/detail/a_id/5720

Reference

https://nvidia.custhelp.com/app/answers/detail/a_id/5720 https://1275.ru/vulnerability/kriticheskie-uyazvimosti-v-nvidia-dgx-spark-ugrozy-vypolneniya-koda-i-dos-atak_16689

CWE

CWE-670

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:P/A:N",
  "CVSS 3.0": "AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "NVIDIA Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e OTA0 (NVIDIA DGX OS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/5720",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "25.11.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.12.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "01.12.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-14850",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-33199",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "NVIDIA DGX OS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "NVIDIA Corp. NVIDIA DGX OS \u0434\u043e OTA0 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 SROOT \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b NVIDIA DGX OS \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u0441\u0442\u0430\u043d\u0446\u0438\u0439 \u0434\u043b\u044f \u0438\u0441\u043a\u0443\u0441\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u043b\u043b\u0435\u043a\u0442\u0430 DGX Spark, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c \u043f\u043e\u0434\u043c\u0435\u043d\u0443 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0433\u043e \u043f\u043e\u0442\u043e\u043a\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f (CWE-670)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 SROOT \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b NVIDIA DGX OS \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u0441\u0442\u0430\u043d\u0446\u0438\u0439 \u0434\u043b\u044f \u0438\u0441\u043a\u0443\u0441\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u043b\u043b\u0435\u043a\u0442\u0430 DGX Spark \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0435\u0439 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0433\u043e \u043f\u043e\u0442\u043e\u043a\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c \u043f\u043e\u0434\u043c\u0435\u043d\u0443 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u0414\u0430\u043d\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0440\u0430\u0431\u043e\u0447\u0438\u0445 \u0441\u0442\u0430\u043d\u0446\u0438\u0439 \u0434\u043b\u044f \u0438\u0441\u043a\u0443\u0441\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u043b\u043b\u0435\u043a\u0442\u0430 DGX Spark \u043d\u0430 \u0431\u0430\u0437\u0435 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430 NVIDIA GB10 Grace Blackwell Superchip.",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u043e\u043a\u0430\u043c\u0438 \u0438 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvidia.custhelp.com/app/answers/detail/a_id/5720\nhttps://1275.ru/vulnerability/kriticheskie-uyazvimosti-v-nvidia-dgx-spark-ugrozy-vypolneniya-koda-i-dos-atak_16689",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-670",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 1,7)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,2)"
}

FKIE_CVE-2025-33199

Vulnerability from fkie_nvd - Published: 2025-11-25 18:15 - Updated: 2026-06-17 09:13

Severity

3.2 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
3.8 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Summary

References

URL	Tags
psirt@nvidia.com	https://nvd.nist.gov/vuln/detail/CVE-2025-33199	Third Party Advisory
psirt@nvidia.com	https://nvidia.custhelp.com/app/answers/detail/a_id/5720	Vendor Advisory
psirt@nvidia.com	https://www.cve.org/CVERecord?id=CVE-2025-33199	Third Party Advisory

Impacted products

	Vendor	Product	Version
	nvidia	dgx_os	-
	nvidia	dgx_spark	-

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "NVIDIA DGX OS"
          ],
          "product": "DGX Spark",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to OTA0"
            }
          ]
        }
      ],
      "source": "psirt@nvidia.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nvidia:dgx_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "40EF912C-72C4-4758-9157-169CE92B33C5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:nvidia:dgx_spark:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76975E53-4E5C-4C6D-85D9-EE2879F960DF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering."
    },
    {
      "lang": "es",
      "value": "NVIDIA DGX Spark GB10 contiene una vulnerabilidad en el firmware SROOT, donde un atacante podr\u00eda causar un comportamiento incorrecto del flujo de control. Un exploit exitoso de esta vulnerabilidad podr\u00eda conducir a la manipulaci\u00f3n de datos."
    }
  ],
  "id": "CVE-2025-33199",
  "lastModified": "2026-06-17T09:13:13.610",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.2,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 1.4,
        "source": "psirt@nvidia.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.8,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2025-33199",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2025-11-25T21:22:54.248408Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2025-11-25T18:15:51.890",
  "references": [
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33199"
    },
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5720"
    },
    {
      "source": "psirt@nvidia.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33199"
    }
  ],
  "sourceIdentifier": "psirt@nvidia.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-670"
        }
      ],
      "source": "psirt@nvidia.com",
      "type": "Secondary"
    }
  ]
}

GHSA-VW24-HHMF-XP64

Vulnerability from github – Published: 2025-11-25 18:32 – Updated: 2025-11-25 18:32

Details

Severity

3.2 (Low)


                  
                    CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-33199"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-670"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-25T18:15:51Z",
    "severity": "LOW"
  },
  "details": "NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering.",
  "id": "GHSA-vw24-hhmf-xp64",
  "modified": "2025-11-25T18:32:23Z",
  "published": "2025-11-25T18:32:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33199"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5720"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33199"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

WID-SEC-W-2025-2674

Vulnerability from csaf_certbund - Published: 2025-11-25 23:00 - Updated: 2025-11-25 23:00

Summary

Lenovo PGX Workstation (ThinkStation): Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Lenovo ist ein Hersteller u. a. von Computern.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Lenovo PGX Workstation (ThinkStation) ausnutzen, um beliebigen Programmcode auszuführen, um Informationen offenzulegen, um Daten zu manipulieren, um einen Denial of Service Angriff durchzuführen, und um seine Privilegien zu erhöhen.

Betroffene Betriebssysteme: - Windows

CVE-2025-33187

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33188

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33189

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33190

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33191

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33192

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33193

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33194

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33195

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33196

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33197

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33198

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33199

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

CVE-2025-33200

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Lenovo Computer Flash BIOS Update-ThinkStation PGX <S0QKT0AA Lenovo / Computer		Flash BIOS Update-ThinkStation PGX <S0QKT0AA

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://support.lenovo.com/us/en/product_security…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Lenovo ist ein Hersteller u. a. von Computern.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Lenovo PGX Workstation (ThinkStation) ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um Informationen offenzulegen, um Daten zu manipulieren, um einen Denial of Service Angriff durchzuf\u00fchren, und um seine Privilegien zu erh\u00f6hen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2674 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2674.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2674 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2674"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory vom 2025-11-25",
        "url": "https://support.lenovo.com/us/en/product_security/LEN-208434"
      }
    ],
    "source_lang": "en-US",
    "title": "Lenovo PGX Workstation (ThinkStation): Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-25T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-26T11:09:42.472+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-2674",
      "initial_release_date": "2025-11-25T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-11-25T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Flash BIOS Update-ThinkStation PGX \u003cS0QKT0AA",
                "product": {
                  "name": "Lenovo Computer Flash BIOS Update-ThinkStation PGX \u003cS0QKT0AA",
                  "product_id": "T048898"
                }
              },
              {
                "category": "product_version",
                "name": "Flash BIOS Update-ThinkStation PGX S0QKT0AA",
                "product": {
                  "name": "Lenovo Computer Flash BIOS Update-ThinkStation PGX S0QKT0AA",
                  "product_id": "T048898-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:lenovo:computer:flash_bios_update_-_thinkstation_pgx__s0qkt0aa"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Computer"
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-33187",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33187"
    },
    {
      "cve": "CVE-2025-33188",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33188"
    },
    {
      "cve": "CVE-2025-33189",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33189"
    },
    {
      "cve": "CVE-2025-33190",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33190"
    },
    {
      "cve": "CVE-2025-33191",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33191"
    },
    {
      "cve": "CVE-2025-33192",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33192"
    },
    {
      "cve": "CVE-2025-33193",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33193"
    },
    {
      "cve": "CVE-2025-33194",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33194"
    },
    {
      "cve": "CVE-2025-33195",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33195"
    },
    {
      "cve": "CVE-2025-33196",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33196"
    },
    {
      "cve": "CVE-2025-33197",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33197"
    },
    {
      "cve": "CVE-2025-33198",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33198"
    },
    {
      "cve": "CVE-2025-33199",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33199"
    },
    {
      "cve": "CVE-2025-33200",
      "product_status": {
        "known_affected": [
          "T048898"
        ]
      },
      "release_date": "2025-11-25T23:00:00.000+00:00",
      "title": "CVE-2025-33200"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-33199 (GCVE-0-2025-33199)

BDU:2025-14850

FKIE_CVE-2025-33199

GHSA-VW24-HHMF-XP64

WID-SEC-W-2025-2674

Tags

Sightings

Nomenclature