CVE-2025-33179
Received Received - Intake
Privilege Escalation via Unauthorized Command in NVIDIA NVUE Interface

Publication date: 2026-02-24

Last updated on: 2026-02-27

Assigner: NVIDIA Corporation

Description
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-24
Last Modified
2026-02-27
Generated
2026-05-07
AI Q&A
2026-02-24
EPSS Evaluated
2026-05-05
NVD
CVE-2025-33179
EUVD
EUVD-2025-208097
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
nvidia cumulus_linux to 5.14.0 (exc)
nvidia cumulus_linux From 5.11.0 (inc) to 5.11.4 (exc)
nvidia cumulus_linux From 5.9.0 (inc) to 5.9.4 (exc)
nvidia nvos to 25.02.2452 (exc)
nvidia nvos to 25.02.4282 (exc)
nvidia nvos to 25.02.5030 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-33179 is a vulnerability in NVIDIA Cumulus Linux and NVOS products, specifically within the NVUE interface.

This flaw allows a low-privileged user to execute unauthorized commands, which can lead to escalation of privileges.

It is classified under CWE-266 (Incorrect Privilege Assignment) and has a high severity score of 8.0 according to CVSS v3.1.


How can this vulnerability impact me? :

The vulnerability allows a low-privileged user to run unauthorized commands, potentially escalating their privileges.

This can lead to a high impact on confidentiality, integrity, and availability of the affected system.

An attacker exploiting this flaw could gain greater control over the system than intended, possibly compromising sensitive data or disrupting operations.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate the CVE-2025-33179 vulnerability, users should update their NVIDIA Cumulus Linux and NVOS products to the fixed versions provided by NVIDIA.

  • Cumulus Linux GA version 5.14
  • Cumulus Linux LTS version 5.11.4
  • NVOS GB200 version 25.02.2452
  • NVOS GB300 (1.0) version 25.02.4282
  • IBSwitch XDR version 25.02.5030

Applying these updates will address the vulnerability that allows low-privileged users to execute unauthorized commands and escalate privileges.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart