CVE-2025-33180

CWE-77 — Command Injection3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 64.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Cumulus Linux Nvidia Nvos Nvidia Cumulus Linux GA +1 more

Timeline

PublishedFeb 24

Description

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages5 packages

▶NVDnvidia/cumulus_linux5.9.0 — 5.9.4+2

▶CVEListV5nvidia/cumulus_linux_gaAll versions prior to 5.14 (5.13.x, 5.12.x, and older GA versions)

▶CVEListV5nvidia/cumulus_linux_ltsAll versions prior to 5.11.4, All versions prior to 5.9.4+1

▶NVDnvidia/nvos< 25.02.2452+2

▶CVEListV5nvidia/nvosAll versions prior to 1.3 - 25.02.244, All versions prior to 25.02.4282, All versions prior to 25.02.5030+2

🔴Vulnerability Details

CVEList

CVE-2025-33180: NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command↗2026-02-24

▶

GHSA

GHSA-mhh4-8fhx-47qg: NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command↗2026-02-24

▶