CVE-2025-33217
Published: 28 January 2026
Summary
CVE-2025-33217 is a high-severity Use After Free (CWE-416) vulnerability in Custhelp (inferred from references). Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-33217 is a use-after-free vulnerability (CWE-416) in the NVIDIA Display Driver for Windows. Published on 2026-01-28, it has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A successful exploit might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
The vulnerability requires local access, low attack complexity, and low privileges, with no user interaction needed and unchanged scope. A local attacker could trigger the use-after-free condition in the display driver, potentially achieving arbitrary code execution, privilege escalation from low-level access, data tampering, system denial of service, or exposure of sensitive information.
Mitigation details are available in advisories including the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5747, the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2025-33217, and the CVE record at https://www.cve.org/CVERecord?id=CVE-2025-33217.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-206463
Vulnerability details
NVIDIA Display Driver for Windows contains a vulnerability where an attacker could trigger a use after free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Use-after-free in kernel display driver directly enables local arbitrary code execution leading to privilege escalation from low privileges.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mandates timely patching and remediation of the use-after-free flaw in the NVIDIA Display Driver to prevent exploitation.
Implements memory protection mechanisms such as ASLR and DEP that comprehensively mitigate use-after-free exploitation attempts.
Enables vulnerability scanning to identify systems with the vulnerable NVIDIA Display Driver version.