CVE-2025-33225
Unknown Unknown - Not Provided
Predictable Log Filename Vulnerability in NVIDIA Linux Extension Enables Privilege Escalation

Publication date: 2025-12-16

Last updated on: 2026-02-02

Assigner: NVIDIA Corporation

Description
NVIDIA Resiliency Extension for Linux contains a vulnerability in log aggregation, where an attacker could cause predictable log-file names. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2026-02-02
Generated
2026-06-16
AI Q&A
2025-12-16
EPSS Evaluated
2026-06-14
NVD
CVE-2025-33225
EUVD
EUVD-2025-203813
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
nvidia resiliency_extension 0.5.0
nvidia nvidia_resiliency_extension to 0.5.0 (inc)
nvidia nvidia_resiliency_extension 0.5.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-61 The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-33225 is a vulnerability in the NVIDIA Resiliency Extension for Linux related to log aggregation. The issue arises because an attacker can cause the creation of predictable log-file names, which can be exploited via symbolic link (symlink) attacks. This flaw allows an attacker with local access to potentially escalate privileges, execute code, cause denial of service, disclose information, and tamper with data. [1, 2]

Impact Analysis

Exploiting this vulnerability can lead to serious impacts including escalation of privileges, code execution, denial of service, information disclosure, and data tampering. This means an attacker could gain unauthorized control, disrupt services, access sensitive information, or alter data within the affected system. [1, 2]

Mitigation Strategies

To mitigate this vulnerability, you should update the NVIDIA Resiliency Extension for Linux to version 0.5.0 or later, as this version addresses the issue with predictable log-file names in the log aggregation component. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-33225. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart