CVE-2025-33179

Summary

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges.

Affected Software

VendorProductVersion RangeStatus
NVIDIACumulus Linux GAAll versions prior to 5.14 (5.13.x, 5.12.x, and older GA versions)affected
NVIDIACumulus Linux LTSAll versions prior to 5.11.4affected
NVIDIACumulus Linux LTSAll versions prior to 5.9.4affected
NVIDIANVOSAll versions prior to 1.3 - 25.02.244affected
NVIDIANVOSAll versions prior to 25.02.4282affected
NVIDIANVOSAll versions prior to 25.02.5030affected

Weaknesses

  • CWE-266: CWE-266 Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References