CVE-2025-33181

CWE-77 — Command Injection3 documents3 sources

Severity

8.8HIGH

EPSS

0.0%

top 95.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Cumulus Linux Nvidia Nvos Nvidia Cumulus Linux GA +1 more

Timeline

PublishedFeb 24

Description

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages5 packages

▶NVDnvidia/cumulus_linux5.9.0 — 5.9.4+2

▶CVEListV5nvidia/cumulus_linux_gaAll versions prior to 5.14 (5.13.x, 5.12.x, and older GA versions)

▶CVEListV5nvidia/cumulus_linux_ltsAll versions prior to 5.11.4, All versions prior to 5.9.4+1

▶NVDnvidia/nvos< 25.02.2452+2

▶CVEListV5nvidia/nvosAll versions prior to 1.3 - 25.02.244, All versions prior to 25.02.4282, All versions prior to 25.02.5030+2

🔴Vulnerability Details

GHSA

GHSA-p5fg-p22w-8pfg: NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command↗2026-02-24

▶

CVEList

CVE-2025-33181: NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command↗2026-02-24

▶