CVE-2025-33220

Summary

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Affected Software

VendorProductVersion RangeStatus
NVIDIAGeForceAll driver versions prior to 590.48.01affected
NVIDIAGeForceAll driver versions prior to 580.126.09affected
NVIDIAGeForceAll driver versions prior to 570.211.01affected
NVIDIAGeForceAll driver versions prior to 535.288.01affected
NVIDIARTX PRO, RTX, QuadroAll driver versions prior to 590.48.01affected
NVIDIARTX PRO, RTX, QuadroAll driver versions prior to 580.126.09affected
NVIDIARTX PRO, RTX, QuadroAll driver versions prior to 570.211.01affected
NVIDIARTX PRO, RTX, QuadroAll driver versions prior to 535.288.01affected
NVIDIATeslaAll driver versions prior to 590.48.01affected
NVIDIATeslaAll driver versions prior to 580.126.09affected
NVIDIATeslaAll driver versions prior to 570.211.01affected
NVIDIATeslaAll driver versions prior to 535.288.01affected
NVIDIAVirtual GPU Manager580.105.06(All versions prior to and including vGPU software 19.3)affected
NVIDIAVirtual GPU Manager570.195.02(All versions prior to and including vGPU software 18.5)affected
NVIDIAVirtual GPU Manager535.274.03(All versions prior to and including vGPU software 16.13)affected

Weaknesses

  • CWE-416: CWE-416 Use After Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References