CVE-2025-33181

HIGH

NVIDIA Cumulus Linux/NVOS - Command Injection

Title source: llm

Description

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.

References (3)

[Various Sources] https://nvd.nist.gov/vuln/detail/CVE-2025-33181

[Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/5722

[Various Sources] https://www.cve.org/CVERecord?id=CVE-2025-33181

Scores

CVSS v3 7.3

EPSS 0.0002

EPSS Percentile 3.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-77

Status published

Affected Products (3)

nvidia/cumulus_linux < 5.14.0

nvidia/cumulus_linux < 5.9.4

nvidia/nvos < 25.02.2452

Timeline

Published Feb 24, 2026

Tracked Since Feb 25, 2026