Home

Description

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges.

PUBLISHED Reserved 2025-04-15 | Published 2026-02-24 | Updated 2026-02-24 | Assigner nvidia




HIGH: 8.0CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

Product status

Default status
unaffected

All versions prior to 5.14 (5.13.x, 5.12.x, and older GA versions)
affected

Default status
unaffected

All versions prior to 5.11.4
affected

Default status
unaffected

All versions prior to 5.9.4
affected

Default status
unaffected

All versions prior to 1.3 - 25.02.244
affected

Default status
unaffected

All versions prior to 25.02.4282
affected

Default status
unaffected

All versions prior to 25.02.5030
affected

References

nvd.nist.gov/vuln/detail/CVE-2025-33180

www.cve.org/CVERecord?id=CVE-2025-33180

nvidia.custhelp.com/app/answers/detail/a_id/5722

cve.org (CVE-2025-33180)

nvd.nist.gov (CVE-2025-33180)

Download JSON