CVE-2025-33225
Predictable Log Filename Vulnerability in NVIDIA Linux Extension Enables Privilege Escalation
Publication date: 2025-12-16
Last updated on: 2026-02-02
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | resiliency_extension | 0.5.0 |
| nvidia | nvidia_resiliency_extension | to 0.5.0 (inc) |
| nvidia | nvidia_resiliency_extension | 0.5.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-61 | The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-33225 is a vulnerability in the NVIDIA Resiliency Extension for Linux related to log aggregation. The issue arises because an attacker can cause the creation of predictable log-file names, which can be exploited via symbolic link (symlink) attacks. This flaw allows an attacker with local access to potentially escalate privileges, execute code, cause denial of service, disclose information, and tamper with data. [1, 2]
How can this vulnerability impact me? :
Exploiting this vulnerability can lead to serious impacts including escalation of privileges, code execution, denial of service, information disclosure, and data tampering. This means an attacker could gain unauthorized control, disrupt services, access sensitive information, or alter data within the affected system. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the NVIDIA Resiliency Extension for Linux to version 0.5.0 or later, as this version addresses the issue with predictable log-file names in the log aggregation component. [2]