CVE-2025-33191 is a vulnerability identified in the OSROOT firmware component of NVIDIA DGX Spark GB10 systems, which are specialized high-performance computing platforms designed for AI and data-intensive workloads. The flaw stems from improper input validation (CWE-20), allowing an attacker with local access to trigger an invalid memory read. This memory access violation can cause the system to crash or become unstable, resulting in denial of service (DoS). The vulnerability affects all versions prior to the OTA0 update, with no patches currently available. The CVSS v3.1 base score is 5.7, reflecting a medium severity level. The attack vector is local (AV:L), requiring no privileges (PR:N) or user interaction (UI:N), but the scope is changed (S:C), indicating that the impact extends beyond the vulnerable component to other system parts. Confidentiality impact is low (C:L), integrity is unaffected (I:N), and availability impact is low (A:L). No known exploits have been reported in the wild, suggesting limited current threat but potential risk if exploited. The vulnerability is significant for environments relying on DGX Spark systems for critical AI workloads, where availability is crucial. The improper input validation could be triggered by malicious or malformed inputs to the firmware, possibly through local administrative interfaces or compromised internal components.

For European organizations, the primary impact of CVE-2025-33191 is operational disruption due to denial of service on NVIDIA DGX Spark systems. These systems are often deployed in AI research, scientific computing, and data centers, where uptime and reliability are critical. A successful exploit could halt AI model training or inference tasks, delaying projects and causing financial and reputational damage. Confidentiality risks are minimal, but availability loss could affect service delivery and SLAs. Organizations with large-scale HPC or AI infrastructure, especially in sectors like automotive, aerospace, finance, and academia, may experience significant operational setbacks. The requirement for local access limits remote exploitation, but insider threats or compromised internal networks could still pose risks. The lack of current patches means organizations must rely on compensating controls until updates are released. Given the strategic importance of AI and HPC in Europe’s digital economy, disruptions could have broader impacts on innovation and competitiveness.

1. Restrict physical and local access to NVIDIA DGX Spark systems to trusted personnel only, implementing strict access controls and monitoring. 2. Employ network segmentation and isolation for DGX Spark environments to limit exposure to potentially malicious internal actors. 3. Monitor system logs and firmware behavior for anomalies indicative of attempted exploitation or instability. 4. Develop incident response plans specifically addressing potential DoS scenarios on critical AI infrastructure. 5. Coordinate with NVIDIA for timely notification and deployment of firmware updates or patches once available. 6. Consider deploying host-based intrusion detection systems (HIDS) to detect unusual local activities targeting firmware components. 7. Conduct regular security audits and firmware integrity checks to ensure system components have not been tampered with. 8. Educate administrators and operators on the risks associated with local firmware vulnerabilities and the importance of secure operational practices.