CVE-2025-33229
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-02-02
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | cuda_toolkit | to 13.1.0 (exc) |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in NVIDIA Nsight Visual Studio for Windows, specifically in the Nsight Monitor component. It allows an attacker with local access and low privileges to execute arbitrary code with the same privileges as the Nsight Visual Studio Edition Monitor application. The root cause is related to an uncontrolled search path element, meaning the application improperly handles search paths that an attacker can manipulate. Exploiting this flaw can lead to privilege escalation, code execution, data tampering, denial of service, and information disclosure. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to escalate their privileges and execute arbitrary code on your system with the same rights as the NVIDIA Nsight Visual Studio Edition Monitor application. This can result in serious impacts including unauthorized data tampering, denial of service, and disclosure of sensitive information, potentially compromising system integrity, confidentiality, and availability. [1]