CVSS: 10.0EPSS: %CPEs: 1EXPL: 0CVE-2025-33208
https://notcve.org/view.php?id=CVE-2025-33208
03 Dec 2025 — NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-33208 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: %CPEs: 1EXPL: 0CVE-2025-33211
https://notcve.org/view.php?id=CVE-2025-33211
03 Dec 2025 — NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified quantity in input. A successful exploit of this vulnerability may lead to denial of service. • https://nvd.nist.gov/vuln/detail/CVE-2025-33211 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 7.8EPSS: %CPEs: 1EXPL: 0CVE-2025-33201
https://notcve.org/view.php?id=CVE-2025-33201
03 Dec 2025 — NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exceptional conditions issue by sending extra large payloads. A successful exploit of this vulnerability may lead to denial of service. • https://nvd.nist.gov/vuln/detail/CVE-2025-33201 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-33203
https://notcve.org/view.php?id=CVE-2025-33203
25 Nov 2025 — NVIDIA NeMo Agent Toolkit UI for Web contains a vulnerability in the chat API endpoint where an attacker may cause a Server-Side Request Forgery. A successful exploit of this vulnerability may lead to information disclosure and denial of service. • https://nvd.nist.gov/vuln/detail/CVE-2025-33203 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-33205
https://notcve.org/view.php?id=CVE-2025-33205
25 Nov 2025 — NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. A successful exploit of this vulnerability may lead to code execution. • https://nvd.nist.gov/vuln/detail/CVE-2025-33205 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-33204
https://notcve.org/view.php?id=CVE-2025-33204
25 Nov 2025 — NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-33204 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-33194
https://notcve.org/view.php?id=CVE-2025-33194
25 Nov 2025 — NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service. • https://nvd.nist.gov/vuln/detail/CVE-2025-33194 • CWE-180: Incorrect Behavior Order: Validate Before Canonicalize •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-33193
https://notcve.org/view.php?id=CVE-2025-33193
25 Nov 2025 — NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper validation of integrity. A successful exploit of this vulnerability might lead to information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-33193 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-33192
https://notcve.org/view.php?id=CVE-2025-33192
25 Nov 2025 — NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service. • https://nvd.nist.gov/vuln/detail/CVE-2025-33192 • CWE-690: Unchecked Return Value to NULL Pointer Dereference •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-33191
https://notcve.org/view.php?id=CVE-2025-33191
25 Nov 2025 — NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read. A successful exploit of this vulnerability might lead to denial of service. • https://nvd.nist.gov/vuln/detail/CVE-2025-33191 • CWE-20: Improper Input Validation •