CVE-2025-33179
Received Received - Intake
Privilege Escalation via Unauthorized Command in NVIDIA NVUE Interface

Publication date: 2026-02-24

Last updated on: 2026-02-27

Assigner: NVIDIA Corporation

Description
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-24
Last Modified
2026-02-27
Generated
2026-06-16
AI Q&A
2026-02-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-33179
EUVD
EUVD-2025-208097
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
nvidia cumulus_linux to 5.14.0 (exc)
nvidia cumulus_linux From 5.11.0 (inc) to 5.11.4 (exc)
nvidia cumulus_linux From 5.9.0 (inc) to 5.9.4 (exc)
nvidia nvos to 25.02.2452 (exc)
nvidia nvos to 25.02.4282 (exc)
nvidia nvos to 25.02.5030 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-33179 is a vulnerability in NVIDIA Cumulus Linux and NVOS products, specifically within the NVUE interface.

This flaw allows a low-privileged user to execute unauthorized commands, which can lead to escalation of privileges.

It is classified under CWE-266 (Incorrect Privilege Assignment) and has a high severity score of 8.0 according to CVSS v3.1.

Impact Analysis

The vulnerability allows a low-privileged user to run unauthorized commands, potentially escalating their privileges.

This can lead to a high impact on confidentiality, integrity, and availability of the affected system.

An attacker exploiting this flaw could gain greater control over the system than intended, possibly compromising sensitive data or disrupting operations.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the CVE-2025-33179 vulnerability, users should update their NVIDIA Cumulus Linux and NVOS products to the fixed versions provided by NVIDIA.

  • Cumulus Linux GA version 5.14
  • Cumulus Linux LTS version 5.11.4
  • NVOS GB200 version 25.02.2452
  • NVOS GB300 (1.0) version 25.02.4282
  • IBSwitch XDR version 25.02.5030

Applying these updates will address the vulnerability that allows low-privileged users to execute unauthorized commands and escalate privileges.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-33179. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart