CVE-2025-33230

Publication date: 2026-01-20

Last updated on: 2026-02-02

Assigner: NVIDIA Corporation

Description
NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure.
Meta Information
Published: 2026-01-20
Last Modified: 2026-02-02
Generated: 2026-06-16
AI Q&A: 2026-01-20
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
nvidia | cuda_toolkit | to 13.1.0 (exc)
linux | linux_kernel | *
CWE ID | Description
CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Executive Summary

This vulnerability exists in the NVIDIA Nsight Systems for Linux .run installer, where an attacker can supply a malicious string as the installation path, causing an OS command injection. This means the attacker can execute arbitrary operating system commands during installation, potentially leading to privilege escalation, code execution, data tampering, denial of service, and information disclosure. [1]

Impact Analysis

If exploited, this vulnerability can allow an attacker to escalate their privileges on the system, execute arbitrary code, tamper with data, cause denial of service, and disclose sensitive information. These impacts can compromise system security, data integrity, and availability. [1]

Detection Guidance

This vulnerability can be detected by checking if the NVIDIA Nsight Systems for Linux .run installer is present and if it has been executed with potentially malicious installation paths. Since the vulnerability involves OS command injection via the installation path, monitoring or auditing installation commands for unusual or suspicious path strings could help detect exploitation attempts. Specific commands to detect this vulnerability are not provided in the available resources. [1]
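
The audit described under Detection Guidance, as an added example that is not from NVIDIA or the advisory: it scans recorded command lines for .run invocations whose arguments contain shell metacharacters. The installer file name, the argument layout and the sample lines are constructed assumptions.

```python
import os
import re
import shlex

# Characters the shell treats specially; none belong in a plain install path.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r'\"*?!]")

def audit_run_installs(command_lines):
    """Return (command_line, reason) for .run invocations with risky arguments."""
    findings = []
    for line in command_lines:
        try:
            argv = shlex.split(line)
        except ValueError as exc:
            # Unbalanced quoting next to a .run installer is worth a look.
            if ".run" in line:
                findings.append((line, f"unparseable quoting: {exc}"))
            continue
        # Locate the installer; it may follow sudo/sh/bash.
        idx = next((i for i, a in enumerate(argv)
                    if os.path.basename(a).endswith(".run")), None)
        if idx is None:
            continue
        for arg in argv[idx + 1:]:
            hit = SHELL_META.search(arg)
            if hit:
                findings.append(
                    (line, f"metacharacter {hit.group()!r} in argument {arg!r}"))
                break
    return findings

# Constructed sample command lines (assumed layout, not from a real incident).
SAMPLE = [
    "sudo sh ./nsight-systems-example.run /opt/nvidia/nsight-systems",
    "sh ./nsight-systems-example.run '/opt/nsight$(id)'",
    "sh ./nsight-systems-example.run /tmp/a;id",
    "sh ./nsight-systems-example.run '/opt/unterminated",
    "ls -l /opt/nvidia",
]

if __name__ == "__main__":
    for line, reason in audit_run_installs(SAMPLE):
        print(f"{reason}\n    {line}")
```

A path typed at an interactive installer prompt never appears on the command line, so this check covers only paths passed as arguments.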

Mitigation Strategies

Immediate mitigation steps include avoiding running the NVIDIA Nsight Systems .run installer with untrusted or user-supplied installation paths, restricting local user access to the installer, and applying any patches or updates released by NVIDIA addressing this vulnerability. Since the vulnerability requires local access and user interaction, limiting local user privileges and monitoring installation activities can reduce risk. [1]
