Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
NVIDIA Cumulus Linux and NVOS: Privilege Escalation via Unauthorized Command
CVE-2025-33179
Summary
A low-privileged user might be able to run commands they shouldn't, potentially gaining more control over the system. This could happen if the user is tricked into running a malicious command through the NVUE interface. NVIDIA recommends updating the affected products to the latest version to prevent this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| nvidia | cumulus_linux | <= 5.14.0 | – |
| nvidia | cumulus_linux | > 5.9.0 , <= 5.9.4 | – |
| nvidia | cumulus_linux | > 5.11.0 , <= 5.11.4 | – |
| nvidia | nvos | <= 25.02.2452 | – |
| nvidia | nvos | <= 25.02.4282 | – |
| nvidia | nvos | <= 25.02.5030 | – |
Original title
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might...
Original description
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges.
nvd CVSS3.1
8.8
Vulnerability type
CWE-266
Incorrect Privilege Assignment
- https://nvd.nist.gov/vuln/detail/CVE-2025-33179 Third Party Advisory US Government Resource
- https://nvidia.custhelp.com/app/answers/detail/a_id/5722 Vendor Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-33179 Third Party Advisory
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026