CNA: Nvidia Corporation
Published: 2025-11-25
Updated: 2025-11-25

Description:
- NVIDIA DGX Spark GB10 contains a flaw in the SROOT firmware, which could allow an attacker to perform arbitrary memory reads. This may lead to a Denial of Service.

CWE:
- CWE-690: Unchecked Return Value to NULL Pointer Dereference

CVSS:
- Score: 5.7
- Severity: MEDIUM
- Version: 3.1
- Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

Product Status:
- Vendor: NVIDIA
- Product: DGX Spark
- Platforms: NVIDIA DGX OS
- Versions affected: All versions prior to OTA0

References:
- NVD link
- CVE.org link
- NVIDIA support link