CVE-2025-33181
Published: 24 February 2026
Summary
CVE-2025-33181 is a high-severity Command Injection (CWE-77) vulnerability in Nvidia Cumulus Linux. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 6.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection (CWE-77) in local NVUE interface directly enables Unix shell command execution and exploitation for privilege escalation from low-privileged user.
NVD Description
NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.
Deeper analysisAI
CVE-2025-33181 is a command injection vulnerability (CWE-77) in the NVUE interface of NVIDIA Cumulus Linux and NVOS products. It enables a low-privileged user to inject commands, which could lead to escalation of privileges. The vulnerability carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H) and was published on 2026-02-24.
A low-privileged local user can exploit this vulnerability with low complexity and requires user interaction. Successful exploitation might allow the attacker to escalate privileges, resulting in high impacts to confidentiality, integrity, and availability.
Mitigation details are available in the NVIDIA security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5722, along with further information in the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2025-33181 and the CVE record at https://www.cve.org/CVERecord?id=CVE-2025-33181.
Details
- CWE(s)