Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-33179

Summary
Assigner-nvidia
Assigner Org ID-9576f279-3576-44b5-a4af-b9a8644b2de6
Published At-24 Feb, 2026 | 18:41
Updated At-24 Feb, 2026 | 18:41
Rejected At-
Credits

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:nvidia
Assigner Org ID:9576f279-3576-44b5-a4af-b9a8644b2de6
Published At:24 Feb, 2026 | 18:41
Updated At:24 Feb, 2026 | 18:41
Rejected At:
▼CVE Numbering Authority (CNA)

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges.

Affected Products
Vendor
NVIDIA CorporationNVIDIA
Product
Cumulus Linux GA
Platforms
  • Cumulus Linux(5.14)
Default Status
unaffected
Versions
Affected
  • All versions prior to 5.14 (5.13.x, 5.12.x, and older GA versions)
Vendor
NVIDIA CorporationNVIDIA
Product
Cumulus Linux LTS
Platforms
  • Cumulus Linux(5.11)
Default Status
unaffected
Versions
Affected
  • All versions prior to 5.11.4
Vendor
NVIDIA CorporationNVIDIA
Product
Cumulus Linux LTS
Platforms
  • Cumulus Linux(5.9)
Default Status
unaffected
Versions
Affected
  • All versions prior to 5.9.4
Vendor
NVIDIA CorporationNVIDIA
Product
NVOS
Platforms
  • GB200
Default Status
unaffected
Versions
Affected
  • All versions prior to 1.3 - 25.02.244
Vendor
NVIDIA CorporationNVIDIA
Product
NVOS
Platforms
  • GB300 (1.0)
Default Status
unaffected
Versions
Affected
  • All versions prior to 25.02.4282
Vendor
NVIDIA CorporationNVIDIA
Product
NVOS
Platforms
  • IBSwitch XDR
Default Status
unaffected
Versions
Affected
  • All versions prior to 25.02.5030
Problem Types
TypeCWE IDDescription
CWECWE-266CWE-266 Incorrect Privilege Assignment
Type: CWE
CWE ID: CWE-266
Description: CWE-266 Incorrect Privilege Assignment
Metrics
VersionBase scoreBase severityVector
3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
N/AEscalation of privileges
CAPEC ID: N/A
Description: Escalation of privileges
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvd.nist.gov/vuln/detail/CVE-2025-33179
N/A
https://www.cve.org/CVERecord?id=CVE-2025-33179
N/A
https://nvidia.custhelp.com/app/answers/detail/a_id/5722
N/A
Hyperlink: https://nvd.nist.gov/vuln/detail/CVE-2025-33179
Resource: N/A
Hyperlink: https://www.cve.org/CVERecord?id=CVE-2025-33179
Resource: N/A
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5722
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@nvidia.com
Published At:24 Feb, 2026 | 20:27
Updated At:24 Feb, 2026 | 21:52

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-266Primarypsirt@nvidia.com
CWE ID: CWE-266
Type: Primary
Source: psirt@nvidia.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://nvd.nist.gov/vuln/detail/CVE-2025-33179psirt@nvidia.com
N/A
https://nvidia.custhelp.com/app/answers/detail/a_id/5722psirt@nvidia.com
N/A
https://www.cve.org/CVERecord?id=CVE-2025-33179psirt@nvidia.com
N/A
Hyperlink: https://nvd.nist.gov/vuln/detail/CVE-2025-33179
Source: psirt@nvidia.com
Resource: N/A
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5722
Source: psirt@nvidia.com
Resource: N/A
Hyperlink: https://www.cve.org/CVERecord?id=CVE-2025-33179
Source: psirt@nvidia.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2025-33180
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-8||HIGH
EPSS-Not Assigned
Published-24 Feb, 2026 | 18:41
Updated-24 Feb, 2026 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.

Action-Not Available
Vendor-NVIDIA Corporation
Product-NVOSCumulus Linux LTSCumulus Linux GA
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-25530
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-8||HIGH
EPSS-0.32% / 54.23%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:09
Updated-24 Sep, 2024 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX H100 BMCdgx_h100_bmc
CWE ID-CWE-20
Improper Input Validation
CVE-2025-23260
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5||MEDIUM
EPSS-0.04% / 10.88%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 17:28
Updated-15 Dec, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure.

Action-Not Available
Vendor-NVIDIA Corporation
Product-aistoreAIStore
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2019-11893
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.76%
||
7 Day CHG~0.00%
Published-29 May, 2019 | 19:58
Updated-16 Sep, 2024 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect privilege assignment in the app permission update API of the Bosch Smart Home Controller (SHC)

A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app with restricted permissions, which required user interaction.

Action-Not Available
Vendor-Robert Bosch GmbH
Product-smart_home_controllersmart_home_controller_firmwareSmart Home Controller
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
Details not found