CVE-2025-33228

Published: Jan 20, 2026Modified: Feb 2, 2026

7.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.3 / Impact: 5.9

Source: psirt@nvidia.com (Secondary)

Description

NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.

Affected (1)

Products: Nvidia: Cuda Toolkit

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nvidia Cuda Toolkit	Before 13.1.0

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (3)

https://nvd.nist.gov/vuln/detail/CVE-2025-33228

Source: psirt@nvidia.com

US Government ResourceVDB Entry

https://nvidia.custhelp.com/app/answers/detail/a_id/5755

Source: psirt@nvidia.com

PatchVendor Advisory

https://www.cve.org/CVERecord?id=CVE-2025-33228

Source: psirt@nvidia.com

Third Party Advisory

Timeline

No history available yet.