NVIDIA has issued an urgent security update for its DGX Spark AI workstation after its Offensive Security Research team discovered 14 vulnerabilities in the system’s firmware. These flaws could allow attackers to execute malicious code and launch denial of service attacks.
Critical Flaw in AI Workstation Firmware
The most severe flaw, tracked as CVE-2025-33187, carries a critical CVSS score of 9.3. This vulnerability affects all DGX Spark devices running versions before the new OTA0 update.
The 14 vulnerabilities reside in multiple firmware components of the DGX Spark GB10, including SROOT, OSROOT, and hardware resource controls. Attackers who gain local access can exploit these weaknesses to bypass security protections, modify hardware controls, and gain unauthorized access to protected areas of the system on chip (SoC).
The critical flaw allows attackers with privileged access to breach SoC protected areas, potentially leading to code execution, data theft, system manipulation, denial of service attacks, or privilege escalation.
Immediate Update Required
All NVIDIA DGX Spark systems running versions before OTA0 are vulnerable. NVIDIA is urging customers to download and install the latest DGX OS version immediately from the official NVIDIA DGX website, as the security update addresses all 14 CVEs simultaneously.
Although the vulnerabilities primarily require local access to exploit, some can be triggered without elevated privileges. Organizations using DGX Spark workstations for sensitive AI development and machine learning workloads must prioritize this update to prevent potential compromise of their AI models and training data. Users can also visit the NVIDIA Product Security page to subscribe to security bulletins.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
