CVE-2025-33230

HIGH

NVIDIA Nsight Systems for Linux - Command Injection

Title source: llm

Description

NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure.

References (3)

Scores

CVSS v3 7.3
EPSS 0.0003
EPSS Percentile 6.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-78
Status published

Affected Products (1)

nvidia/cuda_toolkit < 13.1.0

Timeline

Published Jan 20, 2026
Tracked Since Feb 18, 2026