CVE-2025-33229
Published: 20 January 2026
Summary
CVE-2025-33229 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in NVIDIA CUDA Toolkit. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique DLL Search Order Hijacking (T1038). The CVE is ranked at the 5.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CWE-427 Untrusted Search Path directly enables DLL Search Order Hijacking (T1038) / DLL Side-Loading (T1574.002) for arbitrary code execution; resulting local privilege escalation maps to T1068.
NVD Description
NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure.
Deeper analysis
CVE-2025-33229 is a vulnerability in NVIDIA Nsight Visual Studio for Windows, specifically within the Nsight Monitor component. It enables an attacker to execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. Successful exploitation may result in escalation of privileges, code execution, data tampering, denial of service, and information disclosure. The issue carries a CVSS v3.1 base score of 7.3 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) and is linked to CWE-427: Untrusted Search Path. It was published on 2026-01-20.
The vulnerability requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), and user interaction (UI:R) for exploitation, with no change in scope (S:U). A low-privileged local attacker could leverage this to achieve high-impact confidentiality, integrity, and availability effects by executing code under the privileges of the affected Nsight Monitor process.
Mitigation guidance is available in official advisories, including the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5755, the NVD detail page at https://nvd.nist.gov/vuln/detail/CVE-2025-33229, and the CVE record at https://www.cve.org/CVERecord?id=CVE-2025-33229.
Details
- CWE(s)