Cyber Resilience

CVE-2025-33206

High

Published: 14 January 2026

Published
14 January 2026
Modified
02 February 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0003 8.9th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-33206 is a high-severity OS Command Injection (CWE-78) vulnerability in Nvidia Nsight Graphics. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 8.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-33206 is a command injection vulnerability (CWE-78) affecting NVIDIA Nsight Graphics for Linux. Published on 2026-01-14T19:16:41.690, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The flaw allows an attacker to inject commands through the affected component.

A local attacker requires no privileges (PR:N) but needs low-complexity attack methods and user interaction (UI:R), such as tricking a user into opening a malicious file or input. Successful exploitation could lead to arbitrary code execution, privilege escalation, data tampering, and denial of service on the targeted system.

Mitigation details are available in official advisories, including NVIDIA's security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5738, the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2025-33206, and the CVE record at https://www.cve.org/CVERecord?id=CVE-2025-33206. Security practitioners should consult these for patch information and workarounds.

EU & UK References

Vulnerability details

NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Command injection (CWE-78) directly enables arbitrary Unix shell command execution on Linux; requires user interaction with malicious file/input to trigger.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-33230Same product: Linux Linux Kernel
CVE-2025-23316Same product: Linux Linux Kernel
CVE-2026-5485Same product: Linux Linux Kernel
CVE-2025-33228Same vendor: Nvidia
CVE-2026-24217Same product: Linux Linux Kernel
CVE-2026-24210Same product: Linux Linux Kernel
CVE-2026-24206Same product: Linux Linux Kernel
CVE-2026-24207Same product: Linux Linux Kernel
CVE-2025-33225Same product: Linux Linux Kernel
CVE-2026-24208Same product: Linux Linux Kernel

Affected Assets

nvidia
nsight graphics
≤ 2025.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires timely identification, reporting, and correction of flaws, directly mitigating this specific command injection vulnerability through patching NVIDIA Nsight Graphics.

prevent

SI-10 mandates validation of information inputs, comprehensively preventing command injection exploits like CWE-78 in this CVE.

prevent

AC-6 enforces least privilege, limiting the scope of privilege escalation and damage from successful command injection by the local unprivileged attacker.

References