CVE-2025-33229
Published: 20 January 2026
Summary
CVE-2025-33229 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in Nvidia Cuda Toolkit. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique DLL (T1574.001); ranked at the 5.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-7 (Least Functionality).
Deeper analysis
CVE-2025-33229 is a vulnerability in NVIDIA Nsight Visual Studio for Windows, specifically within the Nsight Monitor component. It enables an attacker to execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. Successful exploitation may result in escalation of privileges, code execution, data tampering, denial of service, and information disclosure. The issue carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and is linked to CWE-427: Untrusted Search Path. It was published on 2026-01-20.
The vulnerability requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), and user interaction (UI:R) for exploitation, with no change in scope (S:U). A low-privileged local attacker could leverage this to achieve high-impact confidentiality, integrity, and availability effects by executing code under the privileges of the affected Nsight Monitor process.
Mitigation guidance is available in official advisories, including the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5755, the NVD detail page at https://nvd.nist.gov/vuln/detail/CVE-2025-33229, and the CVE record at https://www.cve.org/CVERecord?id=CVE-2025-33229.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3373
Vulnerability details
NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead…
more
to escalation of privileges, code execution, data tampering, denial of service, and information disclosure.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CWE-427 Untrusted Search Path directly enables DLL Search Order Hijacking (T1038) / DLL Side-Loading (T1574.002) for arbitrary code execution; resulting local privilege escalation maps to T1068.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Running the Nsight Monitor process with minimal privileges directly limits the impact of arbitrary code execution under its context.
Restricting the application to only approved executable paths and libraries blocks exploitation of the untrusted search path (CWE-427).
Integrity verification of loaded modules and binaries can detect or block malicious code placed in the search path before execution.