CVE-2025-33230

Description

NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

NVIDIA / CUDA ToolkitAll versions prior to CUDA Toolkit 13.1 – All versions prior to CUDA Toolkit 13.1

References

CONFIRMhttps://nvd.nist.gov/vuln/detail/CVE-2025-33230
CONFIRMhttps://www.cve.org/CVERecord?id=CVE-2025-33230
MISChttps://nvidia.custhelp.com/app/answers/detail/a_id/5755