Nvidia DGX Spark, NeMo: Critical security flaws threaten AI hardware and software

Attackers can exploit a critical security vulnerability in Nvidia's AI computer DGX Spark, among other things.


Nvidia's AI hardware and software DGX Spark and NeMo Framework are vulnerable. Security updates close several vulnerabilities. In the worst case, attackers can completely compromise systems after executing malicious code. So far, there are no reports of ongoing attacks.

With NeMo, developers can set up large language models (LLMs), among other things. DGX Spark is a computer specialized for AI applications.

A "critical" vulnerability (CVE-2025-33187) in DGX OS affects the SROOT component. In a manner that is not described further, attackers can access SoC areas that are supposed to be isolated. This can lead to the execution of malicious code, among other things.

According to a warning message, the developers have closed a total of fourteen vulnerabilities in DGX OS OTA0. All previous versions are vulnerable. The majority are rated as a "medium" threat level. If attacks are successful, attackers can gain unauthorized access to information or disable services via DoS attacks. In addition, malicious code can get onto computers.


In a post about NeMo Framework, the developers have listed two now-closed software vulnerabilities (CVE-2025-33204, CVE-2025-33205). In both cases, malicious code execution can occur. All platforms are affected. The developers state that the security issues have been resolved in NeMo Framework 2.5.1. All previous versions are said to be vulnerable.

Most recently, Nvidia closed several security vulnerabilities in the AI tools AIStore Framework, NeMo Framework, and Triton Inference Server. There, attackers can gain higher user privileges, among other things.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.