CVE-2025-33180 - Vulnerability Details - OpenCVE

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2025-33180
https://nvidia.custhelp.com/app/answers/detail/a_id/5722
https://www.cve.org/CVERecord?id=CVE-2025-33180

History

Tue, 24 Feb 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 24 Feb 2026 19:30:00 +0000

Type	Values Removed	Values Added
Description		NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.
Weaknesses		CWE-77
References		https://nvd.nist.gov/vuln/detail/CVE-2025-33180 https://nvidia.custhelp.com/app/answers/detail/a_id/5722 https://www.cve.org/CVERecord?id=CVE-2025-33180
Metrics		cvssV3_1 `{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2026-02-24T18:41:48.632Z

Updated: 2026-02-24T21:31:41.482Z

Reserved: 2025-04-15T18:51:02.257Z

Link: CVE-2025-33180

Vulnrichment

Updated: 2026-02-24T21:31:03.518Z

NVD

Status : Awaiting Analysis

Published: 2026-02-24T20:27:42.943

Modified: 2026-02-24T21:52:01.367

Link: CVE-2025-33180

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-33180", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2025-04-15T18:51:02.257Z", "datePublished": "2026-02-24T18:41:48.632Z", "dateUpdated": "2026-02-24T21:31:41.482Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Cumulus Linux(5.14)"], "product": "Cumulus Linux GA", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All versions prior to 5.14 (5.13.x, 5.12.x, and older GA versions)"}]}, {"defaultStatus": "unaffected", "platforms": ["Cumulus Linux(5.11)"], "product": "Cumulus Linux LTS", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All versions prior to 5.11.4"}]}, {"defaultStatus": "unaffected", "platforms": ["Cumulus Linux(5.9)"], "product": "Cumulus Linux LTS", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All versions prior to 5.9.4"}]}, {"defaultStatus": "unaffected", "platforms": ["GB200"], "product": "NVOS", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All versions prior to 1.3 - 25.02.244"}]}, {"defaultStatus": "unaffected", "platforms": ["GB300 (1.0)"], "product": "NVOS", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All versions prior to 25.02.4282"}]}, {"defaultStatus": "unaffected", "platforms": ["IBSwitch XDR"], "product": "NVOS", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All versions prior to 25.02.5030"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": true, "type": "text/html", "value": "NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges."}], "value": "NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Escalation of privileges"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-02-24T18:41:48.632Z"}, "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33180"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-33180"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5722"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "NVIDIA PSIRT"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T21:29:25.903586Z", "id": "CVE-2025-33180", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T21:31:41.482Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-33180", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-24T21:29:25.903586Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T21:31:03.518Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Escalation of privileges"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "Cumulus Linux GA", "versions": [{"status": "affected", "version": "All versions prior to 5.14 (5.13.x, 5.12.x, and older GA versions)"}], "platforms": ["Cumulus Linux(5.14)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "Cumulus Linux LTS", "versions": [{"status": "affected", "version": "All versions prior to 5.11.4"}], "platforms": ["Cumulus Linux(5.11)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "Cumulus Linux LTS", "versions": [{"status": "affected", "version": "All versions prior to 5.9.4"}], "platforms": ["Cumulus Linux(5.9)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "NVOS", "versions": [{"status": "affected", "version": "All versions prior to 1.3 - 25.02.244"}], "platforms": ["GB200"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "NVOS", "versions": [{"status": "affected", "version": "All versions prior to 25.02.4282"}], "platforms": ["GB300 (1.0)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "NVOS", "versions": [{"status": "affected", "version": "All versions prior to 25.02.5030"}], "platforms": ["IBSwitch XDR"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33180"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-33180"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5722"}], "x_generator": {"engine": "NVIDIA PSIRT"}, "descriptions": [{"lang": "en", "value": "NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.", "base64": true}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-02-24T18:41:48.632Z"}}}, "cveMetadata": {"cveId": "CVE-2025-33180", "state": "PUBLISHED", "dateUpdated": "2026-02-24T21:31:41.482Z", "dateReserved": "2025-04-15T18:51:02.257Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2026-02-24T18:41:48.632Z", "assignerShortName": "nvidia"}, "dataVersion": "5.2"}