CVE-2025-33228
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-02-02
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | cuda_toolkit | to 13.1.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
Exploiting this vulnerability can lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. Essentially, an attacker could run unauthorized code, gain higher access rights, alter data, disrupt services, or access sensitive information. [1]
Can you explain this vulnerability to me?
This vulnerability exists in NVIDIA Nsight Systems within the gfx_hotspot recipe. It occurs when an attacker manually runs the process_nsys_rep_cli.py script and provides a malicious string, causing an OS command injection. This means the attacker can execute arbitrary operating system commands through this script. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the process_nsys_rep_cli.py script is present and if it has been invoked manually with potentially malicious input. Since the vulnerability requires local access and manual invocation, monitoring for unusual or unauthorized execution of this script could help detect exploitation attempts. Specific commands to detect this might include searching for the script on the system (e.g., using 'find' or 'locate') and auditing command history or process execution logs for invocations of process_nsys_rep_cli.py. However, no explicit detection commands are provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting local access to the system to trusted users only, avoiding manual invocation of the process_nsys_rep_cli.py script with untrusted input, and applying any patches or updates provided by NVIDIA once available. Since the vulnerability requires local access and user interaction, limiting user privileges and monitoring script usage can reduce risk. No specific mitigation commands or patches are detailed in the provided resources. [1]